{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5814", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-08T15:26:07.930Z", "datePublished": "2026-04-08T23:00:17.193Z", "dateUpdated": "2026-04-09T14:17:57.980Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-08T23:00:17.193Z"}, "title": "PHPGurukul Online Course Registration check_availability.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "PHPGurukul", "product": "Online Course Registration", "versions": [{"version": "3.1", "status": "affected"}], "cpes": ["cpe:2.3:a:phpgurukul:online_course_registration:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-08T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-08T17:31:16.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/356262", "name": "VDB-356262 | PHPGurukul Online Course Registration check_availability.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356262/cti", "name": "VDB-356262 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/787698", "name": "Submit #787698 | PHPGurukul Online Course Registration 3.1 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/f1rstb100d/CVE/issues/21", "tags": ["exploit", "issue-tracking"]}, {"url": "https://phpgurukul.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-09T14:16:06.861770Z", "id": "CVE-2026-5814", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-09T14:17:57.980Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"tags": ["x_freeware"], "title": "PHPGurukul Online Course Registration check_availability.php sql injection", "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"cpes": ["cpe:2.3:a:phpgurukul:online_course_registration:*:*:*:*:*:*:*:*"], "vendor": "PHPGurukul", "product": "Online Course Registration", "versions": [{"status": "affected", "version": "3.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-08T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-08T17:31:16.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/356262", "name": "VDB-356262 | PHPGurukul Online Course Registration check_availability.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356262/cti", "name": "VDB-356262 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/787698", "name": "Submit #787698 | PHPGurukul Online Course Registration 3.1 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/f1rstb100d/CVE/issues/21", "tags": ["exploit", "issue-tracking"]}, {"url": "https://phpgurukul.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-08T23:00:17.193Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-5814", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-09T14:16:06.861770Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-09T14:17:06.827Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-5814", "state": "PUBLISHED", "dateUpdated": "2026-04-08T23:00:17.193Z", "dateReserved": "2026-04-08T15:26:07.930Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-08T23:00:17.193Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security vulnerability has been detected in PHPGurukul Online Course Registration 3.1. This issue affects some unknown processing of the file /admin/check_availability.php. The manipulation of the argument regno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used."}], "id": "CVE-2026-5814", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-09T00:16:19.827", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/f1rstb100d/CVE/issues/21"}, {"source": "cna@vuldb.com", "url": "https://phpgurukul.com/"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/787698"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356262"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356262/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Online Course Registration", "source": "cna", "vendor": "PHPGurukul"}, "product": "online_course_registration", "vendor": "phpgurukul"}], "analysis": {"en": {"generated_at": "2026-04-09T00:21:16.305675+00:00", "value": {"mitigation_remediation": ["Upgrade or patch PHPGurukul Online Course Registration to a version where the check_availability.php input sanitization has been corrected.", "If an update is not immediately feasible, restrict access to the /admin/check_availability.php endpoint to trusted administrative users only.", "As a temporary measure, implement input validation to reject SQL control characters or use parameterized queries when handling regno values."], "summary": {"action": "Immediate Patch", "impact": "SQL injection"}, "threat_synthesis": {"affected_systems": "The vulnerability affects installations of PHPGurukul\u2019s Online Course Registration system, specifically version 3.1. No additional sub\u2011versions are disclosed; the impact covers all deployments that contain the mentioned check_availability.php file.", "description_and_impact": "A flaw was discovered in PHPGurukul Online Course Registration version 3.1 that allows an attacker to inject arbitrary SQL through the regno parameter in the check_availability.php endpoint. The injection can be executed remotely without authentication and can be used to read, modify, or delete protected data in the database. This violation of confidentiality and integrity is derived from the identified CWE\u201189 and results in potential data exposure or unauthorized data manipulation.", "risk_and_exploitability": "The CVSS score of 6.9 indicates moderate severity. Although EPSS data is missing and the issue is not listed in CISA\u2019s KEV catalog, the public disclosure and remote nature of the attack raise concern. An attacker can exploit the flaw by submitting a crafted regno value from a web browser or automated script, triggering the SQL injection and potentially extracting or altering database contents. Because no mitigation is required beyond updating to a patch, the risk is primarily mitigated by applying a patch immediately."}}}}, "created": "2026-04-09T08:16:03.169361+00:00", "updated": "2026-04-09T08:25:29.356082+00:00", "vendors": ["phpgurukul", "phpgurukul$PRODUCT$online_course_registration"]}