CVE-2025-70899 β€” Cross-Site Request Forgery in Online Course Registration

CWE-352 β€” Cross-Site Request Forgery3 documents3 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 92.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul Online Course Registration
Timeline
PublishedJan 22

Description

PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
CVEList
CVE-2025-70899: PHPgurukul Online Course Registration v3β†—2026-01-22
β–Ά
GHSA
GHSA-p55f-69cf-qgpm: PHPgurukul Online Course Registration v3β†—2026-01-22
β–Ά
CVE-2025-70899 β€” Cross-Site Request Forgery | cvebase