CVE-2026-0547

MEDIUM

Phpgurukul Online Course Registration < 3.1 - Improper Access Control

Title source: rule

Description

A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.

Exploits (1)

github

by rsecroot · poc

https://github.com/rsecroot/CVE-2026-0547

References (5)

[Exploit, Third Party Advisory] https://github.com/rsecroot/Online-Course-Registration/blob/main/Cross%20Site%20Scripting.md

View Exploit ZIP pw:eip

[Product] https://phpgurukul.com/

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.339355

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.339355

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.728988

Scores

CVSS v3 6.3

EPSS 0.0005

EPSS Percentile 14.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-284 CWE-434

Status published

Products (1)

phpgurukul/online_course_registration < 3.1

Published Jan 02, 2026

Tracked Since Feb 18, 2026