{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-6193", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-13T08:42:09.244Z", "datePublished": "2026-04-13T17:00:17.681Z", "dateUpdated": "2026-04-14T16:29:17.934Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-13T17:00:17.681Z"}, "title": "PHPGurukul Daily Expense Tracking System register.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "PHPGurukul", "product": "Daily Expense Tracking System", "versions": [{"version": "1.1", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-13T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-13T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-13T10:47:13.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/357115", "name": "VDB-357115 | PHPGurukul Daily Expense Tracking System register.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/357115/cti", "name": "VDB-357115 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/797433", "name": "Submit #797433 | PHPGurukul Daily Expense Tracking System 1.1 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/f1rstb100d/CVE/issues/47", "tags": ["exploit", "issue-tracking"]}, {"url": "https://phpgurukul.com/", "tags": ["product"]}], "tags": ["x_freeware"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-14T15:26:38.316942Z", "id": "CVE-2026-6193", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T16:29:17.934Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-6193", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-14T15:26:38.316942Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-14T15:26:45.795Z"}}], "cna": {"tags": ["x_freeware"], "title": "PHPGurukul Daily Expense Tracking System register.php sql injection", "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "PHPGurukul", "product": "Daily Expense Tracking System", "versions": [{"status": "affected", "version": "1.1"}]}], "timeline": [{"lang": "en", "time": "2026-04-13T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2026-04-13T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2026-04-13T10:47:13.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/357115", "name": "VDB-357115 | PHPGurukul Daily Expense Tracking System register.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/357115/cti", "name": "VDB-357115 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/797433", "name": "Submit #797433 | PHPGurukul Daily Expense Tracking System 1.1 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/f1rstb100d/CVE/issues/47", "tags": ["exploit", "issue-tracking"]}, {"url": "https://phpgurukul.com/", "tags": ["product"]}], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "SQL Injection"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-13T17:00:17.681Z"}}}, "cveMetadata": {"cveId": "CVE-2026-6193", "state": "PUBLISHED", "dateUpdated": "2026-04-14T16:29:17.934Z", "dateReserved": "2026-04-13T08:42:09.244Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2026-04-13T17:00:17.681Z", "assignerShortName": "VulDB"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A security flaw has been discovered in PHPGurukul Daily Expense Tracking System 1.1. Affected is an unknown function of the file /register.php. The manipulation of the argument email results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks."}], "id": "CVE-2026-6193", "lastModified": "2026-04-29T01:00:01.613", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-13T17:16:32.557", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/f1rstb100d/CVE/issues/47"}, {"source": "cna@vuldb.com", "url": "https://phpgurukul.com/"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/797433"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/357115"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/357115/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.1"}}], "enrichment": {"confidence": 94.0, "confidence_source": "matching", "scores": [{"score": 94.0, "source": "matching"}]}, "original": {"product": "Daily Expense Tracking System", "source": "cna", "vendor": "PHPGurukul"}, "product": "daily_expense_tracker_system", "vendor": "phpgurukul"}], "analysis": {"en": {"generated_at": "2026-04-13T18:35:19.134568+00:00", "value": {"mitigation_remediation": ["Check the PHPGurukul website or repository for an updated version or patch that addresses the SQL injection in register.php.", "If no patch is available, limit exposure by restricting access to the registration endpoint with firewall rules or network segmentation.", "Implement server\u2011side validation to sanitize the email input, preferably using parameterized queries or proper escaping.", "Continuously monitor database activity and application logs for anomalous queries that may indicate exploitation attempts."], "summary": {"action": "Immediate Patch", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "The affected product is PHPGurukul Daily Expense Tracking System version 1.1. Only the register.php file\u2019s email handling is impacted; no other versions are documented as vulnerable.", "description_and_impact": "A flaw in the register.php file of PHPGurukul Daily Expense Tracking System 1.1 allows an attacker to inject arbitrary SQL through the email argument. The injected SQL can modify, delete, or leak sensitive data stored in the database, thereby compromising confidentiality and integrity of user information. The vulnerability is exploitable remotely via a standard HTTP request.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a medium to high severity. EPSS data is unavailable, and the issue is not listed in the KEV catalog. Exploitation is possible from any network with access to the registration endpoint; attackers can manipulate the email field in a standard request to inject and execute SQL commands."}}}}, "created": "2026-04-14T16:18:44.716963+00:00", "updated": "2026-04-14T16:33:52.768791+00:00", "vendors": ["phpgurukul", "phpgurukul$PRODUCT$daily_expense_tracker_system"]}