{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0733", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-08T15:32:32.701Z", "datePublished": "2026-01-08T23:32:13.020Z", "dateUpdated": "2026-02-23T08:25:04.752Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:25:04.752Z"}, "title": "PHPGurukul Online Course Registration System manage-students.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "PHPGurukul", "product": "Online Course Registration System", "versions": [{"version": "3.0", "status": "affected"}, {"version": "3.1", "status": "affected"}], "cpes": ["cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-08T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-22T18:32:14.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "angelkate (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.340130", "name": "VDB-340130 | PHPGurukul Online Course Registration System manage-students.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.340130", "name": "VDB-340130 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.733328", "name": "Submit #733328 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection Vulnerability", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.733331", "name": "Submit #733331 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://note-hxlab.wetolink.com/share/cU33RBoPPAF0", "tags": ["related"]}, {"url": "https://note-hxlab.wetolink.com/share/Tma34bofeB2L", "tags": ["exploit"]}, {"url": "https://phpgurukul.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-09T16:21:52.970602Z", "id": "CVE-2026-0733", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T16:22:02.232Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0733", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-09T16:21:52.970602Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T16:21:58.417Z"}}], "cna": {"tags": ["x_freeware"], "title": "PHPGurukul Online Course Registration System manage-students.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "angelkate (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*"], "vendor": "PHPGurukul", "product": "Online Course Registration System", "versions": [{"status": "affected", "version": "3.0"}, {"status": "affected", "version": "3.1"}]}], "timeline": [{"lang": "en", "time": "2026-01-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-08T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-22T18:32:14.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.340130", "name": "VDB-340130 | PHPGurukul Online Course Registration System manage-students.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.340130", "name": "VDB-340130 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.733328", "name": "Submit #733328 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection Vulnerability", "tags": ["third-party-advisory"]}, {"url": "https://vuldb.com/?submit.733331", "name": "Submit #733331 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection (Duplicate)", "tags": ["third-party-advisory"]}, {"url": "https://note-hxlab.wetolink.com/share/cU33RBoPPAF0", "tags": ["related"]}, {"url": "https://note-hxlab.wetolink.com/share/Tma34bofeB2L", "tags": ["exploit"]}, {"url": "https://phpgurukul.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:25:04.752Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0733", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:25:04.752Z", "dateReserved": "2026-01-08T15:32:32.701Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-08T23:32:13.020Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "F04EF455-CD58-45B8-A85D-B9A76A121924", "versionEndIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized."}, {"lang": "es", "value": "Se determin\u00f3 una vulnerabilidad en el Sistema de Registro de Cursos en L\u00ednea PHPGurukul hasta 3.1. Esto afecta una funci\u00f3n desconocida del archivo /onlinecourse/admin/manage-students.PHP. Esta manipulaci\u00f3n del argumento id/cid causa inyecci\u00f3n SQL. Es posible iniciar el ataque remotamente. El exploit ha sido divulgado p\u00fablicamente y puede ser utilizado."}], "id": "CVE-2026-0733", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-09T00:15:45.497", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://note-hxlab.wetolink.com/share/Tma34bofeB2L"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://note-hxlab.wetolink.com/share/cU33RBoPPAF0"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://phpgurukul.com/"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.340130"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.340130"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.733328"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.733331"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T16:39:44.759671+00:00", "value": {"mitigation_remediation": ["Update the PHPGurukul Online Course Registration System to the latest version (\u22653.2) or apply the vendor\u2019s patch that addresses the SQL injection in manage\u2011students.php.", "If a patch is not available, restrict direct HTTP access to the /onlinecourse/admin/manage-students.php page to administrators only, using network filtering, IP whitelisting, or application-level authentication.", "Employ input validation and use parameterized queries for all database interactions involving the id and cid parameters, or enable a web application firewall that blocks common SQL injection patterns."], "summary": {"action": "Patch Now", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "The vulnerability is present in all releases of PHPGurukul\u2019s Online Course Registration System up to and including version 3.1. Versions released after 3.1 do not contain this flaw unless the same vulnerable code remains in manage\u2011students.php.", "description_and_impact": "A SQL injection flaw in the phpGurukul Online Course Registration System allows a remote attacker to manipulate the \"id\" or \"cid\" parameters in the manage-students.php page, enabling the injection of arbitrary SQL statements. This can compromise database integrity, reveal sensitive student information, and potentially allow the attacker to modify or delete data. The weakness maps to CWE-74 and CWE-89.", "risk_and_exploitability": "CVSS base score 5.3 indicates moderate impact; the EPSS score is below 1%, suggesting a low current exploitation probability. The vulnerability is not yet listed in the CISA KEV catalog, but it is publicly disclosed, and the remote attack vector means anyone able to send HTTP requests can exploit it. The lack of an available patch reduces protection, so administrators should prioritize updating or hardening the affected endpoint promptly."}}}}, "created": "2026-01-09T13:24:21.803051+00:00", "updated": "2026-04-18T16:45:05.225626+00:00", "vendors": ["phpgurukul", "phpgurukul$PRODUCT$online_course_registration_system"]}