CVE-2025-15406

high

Published 2026-01-01 · Modified 2026-04-29

CVSS v3

8.8

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2

6.5

VIR risk

8.8

Description

A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.

Predictions

Exploit likelihood

92%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Application impact

Vendor	Product	Versions	Fixed
phpgurukul	online_course_registration	`{"endIncluding":"3.1"}`

References

https://github.com/rsecroot/Online-Course-Registration/blob/main/Broken%20Access%20Control.md
https://phpgurukul.com/
https://vuldb.com/?ctiid.339326
https://vuldb.com/?id.339326
https://vuldb.com/?submit.728354

CWEs

CWE-862 CWE-863

Verify integrity in audit chain (admin only). AS-IS.