{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-5813", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2026-04-08T15:26:04.209Z", "datePublished": "2026-04-08T22:45:11.613Z", "dateUpdated": "2026-04-08T22:45:11.613Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2026-04-08T22:45:11.613Z"}, "title": "PHPGurukul Online Course Registration check_availability.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "SQL Injection"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-74", "lang": "en", "description": "Injection"}]}], "affected": [{"vendor": "PHPGurukul", "product": "Online Course Registration", "versions": [{"version": "3.1", "status": "affected"}], "cpes": ["cpe:2.3:a:phpgurukul:online_course_registration:*:*:*:*:*:*:*:*"]}], "descriptions": [{"lang": "en", "value": "A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 6.9, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 7.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 7.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "HIGH"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2026-04-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2026-04-08T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2026-04-08T17:31:13.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/vuln/356261", "name": "VDB-356261 | PHPGurukul Online Course Registration check_availability.php sql injection", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/vuln/356261/cti", "name": "VDB-356261 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/submit/787686", "name": "Submit #787686 | PHPGurukul Online Course Registration 3.1 SQL Injection", "tags": ["third-party-advisory"]}, {"url": "https://github.com/f1rstb100d/CVE/issues/20", "tags": ["exploit", "issue-tracking"]}, {"url": "https://phpgurukul.com/", "tags": ["product"]}], "tags": ["x_freeware"]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A weakness has been identified in PHPGurukul Online Course Registration 3.1. This vulnerability affects unknown code of the file /check_availability.php. Executing a manipulation of the argument cid can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks."}], "id": "CVE-2026-5813", "lastModified": "2026-04-08T23:17:00.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 6.9, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2026-04-08T23:17:00.833", "references": [{"source": "cna@vuldb.com", "url": "https://github.com/f1rstb100d/CVE/issues/20"}, {"source": "cna@vuldb.com", "url": "https://phpgurukul.com/"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/submit/787686"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356261"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/vuln/356261/cti"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Online Course Registration", "source": "cna", "vendor": "PHPGurukul"}, "product": "online_course_registration", "vendor": "phpgurukul"}], "analysis": {"en": {"generated_at": "2026-04-09T00:21:39.305450+00:00", "value": {"mitigation_remediation": ["Apply the latest patch or upgrade PHPGurukul Online Course Registration to a version that resolves the SQL injection flaw", "If a patch is unavailable, limit remote access to the /check_availability.php endpoint or apply IP whitelisting", "Implement server\u2011side validation and sanitization for the cid parameter to prevent injection", "Deploy a web application firewall or equivalent filter to block malicious SQL payloads", "Monitor database logs for suspicious queries and investigate any unauthorized access attempts"], "summary": {"action": "Immediate Patch", "impact": "Remote SQL Injection"}, "threat_synthesis": {"affected_systems": "PHPGurukul Online Course Registration version 3.1 is affected by the SQL injection flaw. The vulnerability originates from code in the /check_availability.php endpoint, and any deployment using this component is at risk. No other versions or products are explicitly listed as impacted.", "description_and_impact": "A vulnerability exists in PHPGurukul Online Course Registration 3.1 that permits injection of arbitrary SQL through the cid parameter in the /check_availability.php file. This flaw enables an attacker to execute unauthorized database queries, potentially exposing, modifying, or deleting sensitive data. The weakness aligns with classic SQL injection (CWE-89) and can be abused remotely.", "risk_and_exploitability": "The CVSS score of 6.9 indicates a moderate severity, while the EPSS score is not available and the vulnerability is not listed in the KEV catalog. An attacker can exploit the flaw remotely by manipulating the cid argument, and public proof\u2011of\u2011concept exploits are available. Given the remote nature and lack of restriction on the parameter, the risk of exploitation remains significant for exposed installations."}}}}, "created": "2026-04-09T08:16:04.257260+00:00", "updated": "2026-04-09T08:25:30.473761+00:00", "vendors": ["phpgurukul", "phpgurukul$PRODUCT$online_course_registration"]}