CVE-2025-15406

PHPGurukul Online Course Registration authorization

CVSS 5.3 MEDIUMEPSS 0.4%CWE-862 CWE-863

Vexday Risk Score

13Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 5.3EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

01 ene 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Productos afectados

PHPGurukul · Online Course Registration

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/rsecroot/Online-Course-Registration/blob/main/Broken%20Access%20Control.md https://phpgurukul.com/https://vuldb.com/?ctiid.339326 https://vuldb.com/?id.339326 https://vuldb.com/?submit.728354