{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-0803", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-01-09T09:41:52.701Z", "datePublished": "2026-01-09T15:32:09.036Z", "dateUpdated": "2026-02-23T08:25:26.551Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:25:26.551Z"}, "title": "PHPGurukul Online Course Registration System enroll.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "PHPGurukul", "product": "Online Course Registration System", "versions": [{"version": "3.0", "status": "affected"}, {"version": "3.1", "status": "affected"}], "cpes": ["cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-01-09T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-01-09T01:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-01-22T18:32:14.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "angelkate (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.340255", "name": "VDB-340255 | PHPGurukul Online Course Registration System enroll.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.340255", "name": "VDB-340255 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.733344", "name": "Submit #733344 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://note-hxlab.wetolink.com/share/qX132pk8Wofk", "tags": ["exploit"]}, {"url": "https://phpgurukul.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-09T16:24:14.834025Z", "id": "CVE-2026-0803", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T16:24:22.841Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-0803", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-09T16:24:14.834025Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-09T16:24:19.580Z"}}], "cna": {"tags": ["x_freeware"], "title": "PHPGurukul Online Course Registration System enroll.php sql injection", "credits": [{"lang": "en", "type": "reporter", "value": "angelkate (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*"], "vendor": "PHPGurukul", "product": "Online Course Registration System", "versions": [{"status": "affected", "version": "3.0"}, {"status": "affected", "version": "3.1"}]}], "timeline": [{"lang": "en", "time": "2026-01-09T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-01-09T01:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-01-22T18:32:14.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.340255", "name": "VDB-340255 | PHPGurukul Online Course Registration System enroll.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.340255", "name": "VDB-340255 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.733344", "name": "Submit #733344 | PHPGurukul Online Course Registration System \u2264 3.1 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://note-hxlab.wetolink.com/share/qX132pk8Wofk", "tags": ["exploit"]}, {"url": "https://phpgurukul.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-02-23T08:25:26.551Z"}}}, "cveMetadata": {"cveId": "CVE-2026-0803", "state": "PUBLISHED", "dateUpdated": "2026-02-23T08:25:26.551Z", "dateReserved": "2026-01-09T09:41:52.701Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-01-09T15:32:09.036Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:phpgurukul:online_course_registration_system:*:*:*:*:*:*:*:*", "matchCriteriaId": "F04EF455-CD58-45B8-A85D-B9A76A121924", "versionEndIncluding": "3.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in PHPGurukul Online Course Registration System up to 3.1. This affects an unknown part of the file /enroll.php. The manipulation of the argument studentregno/Pincode/session/department/level/course/sem results in sql injection. The attack may be launched remotely. The exploit has been made public and could be used."}, {"lang": "es", "value": "Una vulnerabilidad fue encontrada en el Sistema de Registro de Cursos en L\u00ednea PHPGurukul hasta la versi\u00f3n 3.1. Esto afecta una parte desconocida del archivo /enroll.php. La manipulaci\u00f3n del argumento studentregno/Pincode/sesi\u00f3n/department/level/course/sem resulta en inyecci\u00f3n SQL. El ataque puede ser lanzado de forma remota. El exploit ha sido hecho p\u00fablico y podr\u00eda ser utilizado."}], "id": "CVE-2026-0803", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.1, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-01-09T16:16:07.840", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://note-hxlab.wetolink.com/share/qX132pk8Wofk"}, {"source": "cna@vuldb.com", "tags": ["Product"], "url": "https://phpgurukul.com/"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.340255"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.340255"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.733344"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-18T07:23:21.536252+00:00", "value": {"mitigation_remediation": ["Check with the vendor for a patch or newer release that addresses the SQL injection in enroll.php.", "Implement input validation and switch to parameterized SQL queries for all request parameters handled by enroll.php to eliminate injection risk.", "Configure firewall or web access controls to restrict who can reach the enrollment endpoint, limiting the attack surface to trusted internal networks only."], "summary": {"action": "Apply Patch", "impact": "Unauthorized data access and modification via SQL injection"}, "threat_synthesis": {"affected_systems": "The vulnerability affects PHPGurukul\u2019s Online Course Registration System versions up to and including 3.1. No later versions are mentioned as receiving the fix. System administrators should verify whether their deployment is within the affected release range.", "description_and_impact": "A flaw exists in the PHPGurukul Online Course Registration System in the file /enroll.php that allows an attacker to manipulate the request arguments\u2014studentregno, Pincode, session, department, level, course, and sem\u2014to inject arbitrary SQL statements. The injection can be triggered remotely by sending a crafted HTTP request to the vulnerable endpoint. Once exploited, the attacker can read, modify, or delete database records, potentially exposing sensitive student information or compromising the integrity of the registration system.", "risk_and_exploitability": "With a CVSS score of 5.3, this issue falls into the medium severity range. The EPSS score is below 1\u202f% indicating a low probability of exploitation under current data. The vulnerability is not listed in the CISA KEV catalog. Although the attack vector is remote, it requires only that the attacker is able to send HTTP requests to the vulnerable server, making the exposure significant for publicly reachable installations. Successful injection could lead to data leakage or unauthorized data manipulation."}}}}, "created": "2026-01-12T14:38:15.895090+00:00", "updated": "2026-04-18T07:30:36.029164+00:00", "vendors": ["phpgurukul", "phpgurukul$PRODUCT$online_course_registration_system"]}