CVE-2026-0733

A vulnerability was determined in PHPGurukul Online Course Registration System up to 3.1. This impacts an unknown function of the file /onlinecourse/admin/manage-students.php. This manipulation of the argument id/cid causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.3 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
VulDBCNA
6.3 MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 9%
Common Weakness Enumeration
References
https://note-hxlab.wetolink.com/share/Tma34bofeB2L
https://note-hxlab.wetolink.com/share/cU33RBoPPAF0
https://phpgurukul.com/
https://vuldb.com/?ctiid.340130
https://vuldb.com/?id.340130
https://vuldb.com/?submit.733328
https://vuldb.com/?submit.733331