CVE-2026-0547

Published: Jan 2, 2026Modified: Apr 29, 2026

2.1

Vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Show more

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XShow less

Source: CNA (Secondary)

Description

A vulnerability was found in PHPGurukul Online Course Registration up to 3.1. This issue affects some unknown processing of the file /admin/edit-student-profile.php of the component Student Registration Page. The manipulation of the argument photo results in unrestricted upload. The attack may be launched remotely. The exploit has been made public and could be used.

Affected (1)

Products: Phpgurukul: Online Course Registration

1 product

Online Course Registration

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpgurukul Online Course Registration	Up to 3.1

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (5)

https://github.com/rsecroot/Online-Course-Registration/blob/main/Cross%20Site%20Scripting.md

Source: cna@vuldb.com

ExploitThird Party Advisory

https://phpgurukul.com/

Source: cna@vuldb.com

Product

https://vuldb.com/?ctiid.339355

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.339355

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.728988

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

Timeline

No history available yet.