CVE-2025-15406

MEDIUM

Phpgurukul Online Course Registration < 3.1 - Incorrect Authorization

Title source: rule

Description

A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Exploits (1)

github

by rsecroot · poc

https://github.com/rsecroot/CVE-2025-15406

References (5)

[Exploit, Third Party Advisory] https://github.com/rsecroot/Online-Course-Registration/blob/main/Broken%20Access%20Control.md

View Exploit ZIP pw:eip

[Product] https://phpgurukul.com/

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.339326

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.339326

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.728354

Scores

CVSS v3 6.3

EPSS 0.0002

EPSS Percentile 4.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-863 CWE-862

Status published

Products (1)

phpgurukul/online_course_registration < 3.1

Published Jan 01, 2026

Tracked Since Feb 18, 2026