Description
A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-04-13
Score: 6.9 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Remote SQL Injection
Action: Immediate Patch
AI Analysis

Impact

A flaw in the register.php file of PHPGurukul Daily Expense Tracking System 1.1 allows an attacker to inject arbitrary SQL through the email argument. The injected SQL can modify, delete, or leak sensitive data stored in the database, thereby compromising confidentiality and integrity of user information. The vulnerability is exploitable remotely via a standard HTTP request.

Affected Systems

The affected product is PHPGurukul Daily Expense Tracking System version 1.1. Only the register.php file’s email handling is impacted; no other versions are documented as vulnerable.

Risk and Exploitability

The CVSS score of 6.9 indicates a medium to high severity. EPSS data is unavailable, and the issue is not listed in the KEV catalog. Exploitation is possible from any network with access to the registration endpoint; attackers can manipulate the email field in a standard request to inject and execute SQL commands.

Generated by OpenCVE AI on April 13, 2026 at 18:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Check the PHPGurukul website or repository for an updated version or patch that addresses the SQL injection in register.php.
  • If no patch is available, limit exposure by restricting access to the registration endpoint with firewall rules or network segmentation.
  • Implement server‑side validation to sanitize the email input, preferably using parameterized queries or proper escaping.
  • Continuously monitor database activity and application logs for anomalous queries that may indicate exploitation attempts.

Generated by OpenCVE AI on April 13, 2026 at 18:35 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 14 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 14 Apr 2026 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Phpgurukul
Phpgurukul daily Expense Tracker System
Vendors & Products Phpgurukul
Phpgurukul daily Expense Tracker System

Mon, 13 Apr 2026 17:15:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Title PHPGurukul Daily Expense Tracking System register.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Phpgurukul Daily Expense Tracker System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-14T16:29:17.934Z

Reserved: 2026-04-13T08:42:09.244Z

Link: CVE-2026-6193

cve-icon Vulnrichment

Updated: 2026-04-14T15:26:45.795Z

cve-icon NVD

Status : Received

Published: 2026-04-13T17:16:32.557

Modified: 2026-04-13T17:16:32.557

Link: CVE-2026-6193

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-14T16:33:52Z

Weaknesses