Description
A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Published: 2026-04-08
Score: 6.9 Medium
EPSS: n/a
KEV: No
Impact: SQL injection
Action: Immediate Patch
AI Analysis

Impact

A flaw in PHPGurukul Online Course Registration version 3.1 allows an attacker to inject arbitrary SQL through the regno parameter of the /admin/check_availability.php endpoint. The injection can be performed remotely without authentication and can be used to read, modify, or delete protected data in the database. The weakness is classified as CWE-89; the resulting loss of confidentiality and integrity means potential data exposure or unauthorized data manipulation.

Affected Systems

The vulnerability affects installations of PHPGurukul’s Online Course Registration system, specifically version 3.1. No additional sub‑versions are disclosed; the impact covers all deployments that contain the mentioned check_availability.php file.

Risk and Exploitability

The CVSS 4.0 base score of 6.9 indicates medium severity. Although no EPSS score is available and the issue is not listed in CISA's KEV catalog, the public disclosure of the exploit and the remote nature of the attack raise concern. An attacker can exploit the flaw by submitting a crafted regno value from a web browser or an automated script, triggering the SQL injection and potentially extracting or altering database contents. The analysis treats immediate patching as the primary mitigation and names no other required measure, although the Remediation section lists no vendor fix or workaround at present.

Generated by OpenCVE AI on April 9, 2026 at 00:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade or patch PHPGurukul Online Course Registration to a version where the check_availability.php input sanitization has been corrected.
  • If an update is not immediately feasible, restrict access to the /admin/check_availability.php endpoint to trusted administrative users only.
  • As a temporary measure, implement input validation to reject SQL control characters or use parameterized queries when handling regno values.

Advisories

No advisories yet.

History

Wed, 08 Apr 2026 23:30:00 +0000

Values added (no values removed):

Description: A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used.
Title: PHPGurukul Online Course Registration check_availability.php sql injection
First Time appeared: Phpgurukul; Phpgurukul online Course Registration
Weaknesses: CWE-74; CWE-89
CPEs: cpe:2.3:a:phpgurukul:online_course_registration:*:*:*:*:*:*:*:*
Vendors & Products: Phpgurukul; Phpgurukul online Course Registration
References
Metrics:
  cvssV2_0: {'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}
  cvssV3_0: {'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV3_1: {'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}
  cvssV4_0: {'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-08T23:00:17.193Z

Reserved: 2026-04-08T15:26:07.930Z

Link: CVE-2026-5814

Vulnrichment

No data.

NVD

Status: Received

Published: 2026-04-09T00:16:19.827

Modified: 2026-04-09T00:16:19.827

Link: CVE-2026-5814

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-09T08:25:29Z

Weaknesses