Phpgurukul Online Course Registration vulnerabilities

CVE-2026-5814 [MEDIUM] CWE-74 CVE-2026-5814: A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.

CVE-2026-5813 [MEDIUM] CWE-74 CVE-2026-5813: A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affe A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.

CVE-2025-70899 [MEDIUM] CWE-352 CVE-2025-70899: PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all PHPgurukul Online Course Registration v3.1 lacks Cross-Site Request Forgery (CSRF) protection on all administrative forms. An attacker can perform unauthorized actions on behalf of authenticated administrators by tricking them into visiting a malicious webpage.

CVE-2026-0547 [MEDIUM] CWE-284 CVE-2026-0547: A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects som A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and

CVE-2025-15406 [MEDIUM] CWE-862 CVE-2025-15406: A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown fu A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.

CVE-2025-10663 [MEDIUM] CWE-74 CVE-2025-10663: A vulnerability was found in PHPGurukul Online Course Registration 3.1. This affects an unknown func A vulnerability was found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /my-profile.php. Performing manipulation of the argument cgpa results in sql injection. The attack may be initiated remotely. The exploit has been made public and could be used.

CVE-2025-10025 [MEDIUM] CWE-74 CVE-2025-10025: A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown A vulnerability has been found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/semester.php. The manipulation of the argument semester leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-9729 [MEDIUM] CWE-74 CVE-2025-9729: A vulnerability was detected in PHPGurukul Online Course Registration 3.1. This vulnerability affect A vulnerability was detected in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /admin/student-registration.php. Performing manipulation of the argument studentname results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVE-2025-9307 [MEDIUM] CWE-74 CVE-2025-9307: A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function A flaw has been found in PHPGurukul Online Course Registration 3.1. This affects an unknown function of the file /admin/session.php. This manipulation of the argument sesssion causes sql injection. The attack can be initiated remotely. The exploit has been published and may be used.

CVE-2025-50485 [HIGH] CWE-613 CVE-2025-50485: Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Improper session invalidation in the component /crm/change-password.php of PHPGurukul Online Course Registration v3.1 allows attackers to execute a session hijacking attack.

CVE-2025-4773 [MEDIUM] CWE-74 CVE-2025-4773: A vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. A A vulnerability was found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/level.php. The manipulation of the argument level leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-4794 [MEDIUM] CWE-74 CVE-2025-4794: A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been declared as crit A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /news.php. The manipulation of the argument newstitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-4772 [MEDIUM] CWE-74 CVE-2025-4772: A vulnerability has been found in PHPGurukul Online Course Registration 3.1 and classified as critic A vulnerability has been found in PHPGurukul Online Course Registration 3.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/department.php. The manipulation of the argument department leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and ma

CVE-2025-4771 [MEDIUM] CWE-74 CVE-2025-4771: A vulnerability, which was classified as critical, was found in PHPGurukul Online Course Registratio A vulnerability, which was classified as critical, was found in PHPGurukul Online Course Registration 3.1. Affected is an unknown function of the file /admin/course.php. The manipulation of the argument coursecode leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-4793 [MEDIUM] CWE-74 CVE-2025-4793: A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been classified as cr A vulnerability was found in PHPGurukul Online Course Registration 3.1. It has been classified as critical. Affected is an unknown function of the file /edit-student-profile.php. The manipulation of the argument cgpa leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2020-12429 [CRITICAL] CWE-89 CVE-2020-12429: Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete databas Online Course Registration 2.0 has multiple SQL injections that would can lead to a complete database compromise and authentication bypass in the login pages: admin/change-password.php, admin/check_availability.php, admin/index.php, change-password.php, check_availability.php, includes/header.php, index.php, and pincode-verification.php.