PT-2023-32767 · Unknown · Phpgurukul Teacher Subject Allocation Management System

Dhabaleshwar · Published 2023-12-13 · Updated 2024-05-17 · CVE-2023-6766

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHPGurukul Teacher Subject Allocation Management System version 1.0

Description

A vulnerability classified as problematic has been found in the PHPGurukul Teacher Subject Allocation Management System. It affects an unknown function of the file /admin/course.php, specifically the component Delete Course Handler. Manipulating the delid argument leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For PHPGurukul Teacher Subject Allocation Management System version 1.0, consider disabling the Delete Course Handler component or restricting access to the /admin/course.php file until a patch is available. As a temporary workaround, avoid using the delid argument in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
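
While no fix is available, delete requests can at least be monitored. The Python below is an added detection example, not part of the original advisory or of the PHPGurukul code: it scans web server access logs for requests to /admin/course.php that carry delid and whose Referer is missing or points to another host. It assumes the combined log format and that delid arrives in the query string; the host name and the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)
SITE_HOST = "tsas.example.test"   # constructed host name of the deployment
VULN_PATH = "/admin/course.php"   # file named in the advisory

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [13/Dec/2023:10:01:02 +0000] "GET /admin/course.php?delid=4 HTTP/1.1" 200 512 "https://tsas.example.test/admin/course.php" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Dec/2023:10:05:40 +0000] "GET /admin/course.php?delid=7 HTTP/1.1" 200 512 "https://forum.example.net/thread/9" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Dec/2023:10:06:11 +0000] "GET /admin/course.php?delid=8 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [13/Dec/2023:10:07:00 +0000] "GET /admin/course.php HTTP/1.1" 200 2048 "https://tsas.example.test/admin/" "Mozilla/5.0"',
]

def referer_host(referer):
    """Return the lower-cased host of a Referer header, or None if absent/unparsable."""
    if referer in ("", "-"):
        return None
    try:
        host = urlsplit(referer).hostname
    except ValueError:
        return None
    return host.lower() if host else None

def suspicious_deletes(lines, site_host=SITE_HOST):
    """Flag delete requests whose Referer is missing or not the site itself."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        url = urlsplit(m["target"])
        delid = parse_qs(url.query).get("delid")
        if url.path != VULN_PATH or not delid:
            continue
        host = referer_host(m["referer"])
        if host == site_host:
            continue  # same-site navigation, expected for a legitimate delete
        reason = "no-referer" if host is None else "cross-site-referer"
        findings.append({"ts": m["ts"], "ip": m["ip"], "delid": delid[0], "reason": reason})
    return findings

if __name__ == "__main__":
    for f in suspicious_deletes(SAMPLE_LOG):
        print(f)
```

A missing Referer on its own is a weak signal, since browsers and proxies may strip the header, so treat those hits as triage candidates and compare them with the courses actually deleted.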

Exploit

CSRF

Weakness Enumeration

Related Identifiers

CVE-2023-6766

Affected Products

Phpgurukul Teacher Subject Allocation Management System