PT-2026-1062 · Unknown · Phpgurukul Online Course Registration System
Hackerfactory
·
Published
2026-01-02
·
Updated
2026-01-23
·
CVE-2026-0547
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
PHPGurukul Online Course Registration versions up to 3.1
Description
A flaw exists in PHPGurukul Online Course Registration that allows for unrestricted file uploads. This issue is related to the processing of the
/admin/edit-student-profile.php file within the Student Registration Page component. Specifically, manipulating the photo argument enables the upload of arbitrary files. The attack can be initiated remotely, and details of an exploit have been publicly disclosed.Recommendations
Versions prior to 3.1 should be updated.
Exploit
Fix
Improper Access Control
Unrestricted File Upload
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpgurukul Online Course Registration System