Description
A weakness has been identified in PHPGurukul Online Course Registration 3.1. The vulnerability affects unspecified code in the file /check_availability.php. Manipulating the cid argument can lead to SQL injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.
Published: 2026-04-08
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

A vulnerability exists in PHPGurukul Online Course Registration 3.1 that permits injection of arbitrary SQL through the cid parameter in the /check_availability.php file. This flaw enables an attacker to execute unauthorized database queries, potentially exposing, modifying, or deleting sensitive data. The weakness aligns with classic SQL injection (CWE-89) and can be abused remotely.

Affected Systems

PHPGurukul Online Course Registration version 3.1 is affected by the SQL injection flaw. The vulnerability originates from code in the /check_availability.php endpoint, and any deployment using this component is at risk. No other versions or products are explicitly listed as impacted.

Risk and Exploitability

The CVSS score of 6.9 indicates a moderate severity, while the EPSS score is not available and the vulnerability is not listed in the KEV catalog. An attacker can exploit the flaw remotely by manipulating the cid argument, and public proof‑of‑concept exploits are available. Given the remote nature and lack of restriction on the parameter, the risk of exploitation remains significant for exposed installations.

Generated by OpenCVE AI on April 9, 2026 at 00:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or upgrade PHPGurukul Online Course Registration to a version that resolves the SQL injection flaw
  • If a patch is unavailable, limit remote access to the /check_availability.php endpoint or apply IP whitelisting
  • Implement server‑side validation and sanitization for the cid parameter to prevent injection
  • Deploy a web application firewall or equivalent filter to block malicious SQL payloads
  • Monitor database logs for suspicious queries and investigate any unauthorized access attempts

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 23:15:00 +0000

Values added (no values removed):

Description: A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Title: PHPGurukul Online Course Registration check_availability.php sql injection
First Time appeared: Phpgurukul; Phpgurukul online Course Registration
Weaknesses: CWE-74; CWE-89
CPEs: cpe:2.3:a:phpgurukul:online_course_registration:*:*:*:*:*:*:*:*
Vendors & Products: Phpgurukul; Phpgurukul online Course Registration
References:
Metrics:
  cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-08T22:45:11.613Z

Reserved: 2026-04-08T15:26:04.209Z

Link: CVE-2026-5813

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-08T23:17:00.833

Modified: 2026-04-08T23:17:00.833

Link: CVE-2026-5813

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:25:30Z

Weaknesses