Home
Description
PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage.
References
phpgurukul.com/online-course-registration-free-download/
github.com/...70899/blob/main/Missing_CSRF_protection_poc.md