PT-2026-1062 · Unknown · Phpgurukul Online Course Registration System

Hackerfactory

·

Publicado

2026-01-02

·

Atualizado

2026-01-23

·

CVE-2026-0547

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions PHPGurukul Online Course Registration versions up to 3.1
Description A flaw exists in PHPGurukul Online Course Registration that allows for unrestricted file uploads. This issue is related to the processing of the /admin/edit-student-profile.php file within the Student Registration Page component. Specifically, manipulating the photo argument enables the upload of arbitrary files. The attack can be initiated remotely, and details of an exploit have been publicly disclosed.
Recommendations Versions prior to 3.1 should be updated.

Exploit

Correção

Improper Access Control

Unrestricted File Upload

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284CWE-434

Identificadores relacionados

CVE-2026-0547

Produtos afetados

Phpgurukul Online Course Registration System