Home

Description

A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.

PUBLISHED Reserved 2026-01-01 | Published 2026-01-01 | Updated 2026-01-05 | Assigner VulDB




MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
6.5AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR

Problem types

Missing Authorization

Incorrect Authorization

Product status

3.0
affected

3.1
affected

Timeline

2026-01-01:Advisory disclosed
2026-01-01:VulDB entry created
2026-01-01:VulDB entry last update

Credits

hackerfactory (VulDB User) reporter

References

vuldb.com/?id.339326 (VDB-339326 | PHPGurukul Online Course Registration authorization) vdb-entry

vuldb.com/?ctiid.339326 (VDB-339326 | CTI Indicators (IOB, IOC)) signature permissions-required

vuldb.com/?submit.728354 (Submit #728354 | PHPGurukul Online Course Registration v3.1 Missing Authorization) third-party-advisory

github.com/...egistration/blob/main/Broken Access Control.md exploit

phpgurukul.com/ product

cve.org (CVE-2025-15406)

nvd.nist.gov (CVE-2025-15406)

Download JSON

Data based on CVE®. Copyright © 1999-2025, The MITRE Corporation. All rights reserved.