Submit #728354: PHPGurukul Online Course Registration v3.1 Missing Authorization

Title: PHPGurukul Online Course Registration v3.1 Missing Authorization

Description: A critical vulnerability has been found in PHPGurukul Online Course Registration System v3.1 where the authorization mechanism fails to verify user roles before serving administrative content. The application only checks if a user is authenticated but does not verify their authorization level. The vulnerability exists in the session management implementation. The login process (index.php) creates session variables but omits role assignment:

$_SESSION['login']=$_POST['regno'];
$_SESSION['id']=$num['studentRegno'];
$_SESSION['sname']=$num['studentName'];
// Missing: $_SESSION['role']=$num['role'];

Any authenticated student can access administrative functions by directly navigating to admin URLs (e.g., /onlinecourse/admin/user-log.php, /onlinecourse/admin/manage-users.php) without role verification. This allows privilege escalation from student to administrator. An authenticated attacker with student privileges can gain complete administrative access, view and modify all user data, manage courses, escalate privileges, and compromise the entire system.

Related Vulnerability: This follows the same pattern as CVE-2025-15390 (VDB-339151) affecting the CRM Application from the same vendor. Both products share identical vulnerable code patterns but are separate applications requiring independent fixes.

Source: https://github.com/rsecroot/Online-Course-Registration/blob/main/Broken%20Access%20Control.md
User: hackerfactory (UID 85869)
Submission: 12/31/2025 04:50 PM (2 months ago)
Moderation: 01/01/2026 09:46 AM (17 hours later)
Status: Accepted
VulDB entry: 339326 [PHPGurukul Online Course Registration up to 3.1 authorization]
Points: 20
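The fix pattern the description implies, written out as an added example (this is not code from the PHPGurukul project or from the submitter): the login stores the role from the server-side user record, and every admin page runs a role guard before emitting content. The `role` column on the user row, the `ROLE_*` constants, the `authz.php` include path and the session-establishing function are all assumptions of this example, not identifiers taken from the product.

```php
<?php
// Added example, not the project's own code. Assumes (hypothetically) that
// the user row $num carries a 'role' column holding 'student' or 'admin',
// with the other column names as quoted in the advisory description.

declare(strict_types=1);

const ROLE_STUDENT = 'student';
const ROLE_ADMIN   = 'admin';

/**
 * Populate the session once the credential check has succeeded.
 * The role comes from the server-side record, never from $_POST.
 */
function establish_session(array $num): void
{
    // Fresh session id on privilege change, so a pre-login id is not kept.
    session_regenerate_id(true);

    // Taken from the authenticated record rather than the submitted form value.
    $_SESSION['login'] = $num['studentRegno'];
    $_SESSION['id']    = $num['studentRegno'];
    $_SESSION['sname'] = $num['studentName'];

    // The assignment the vulnerable login omits: the role that every
    // authorization decision is made against. Unknown values fail closed
    // to the least-privileged role.
    $role = $num['role'] ?? '';
    $_SESSION['role'] = in_array($role, [ROLE_STUDENT, ROLE_ADMIN], true)
        ? $role
        : ROLE_STUDENT;
}

/**
 * True only for an authenticated session holding the required role.
 * Checking just "is $_SESSION['login'] set?" is the authentication-only
 * test the vulnerable version stops at.
 */
function session_has_role(array $session, string $required): bool
{
    if (empty($session['login'])) {
        return false; // not authenticated at all
    }
    return isset($session['role']) && $session['role'] === $required;
}

/**
 * Guard for the top of every admin/*.php page, before any output:
 *
 *   require_once __DIR__ . '/../includes/authz.php'; // hypothetical path
 *   require_role(ROLE_ADMIN);
 *
 * A missing or mismatched role ends the request instead of falling
 * through to the administrative content.
 */
function require_role(string $required): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!session_has_role($_SESSION, $required)) {
        http_response_code(403);
        // A non-admin session reaching admin/*.php is exactly the pattern the
        // advisory describes, so record it for detection rather than silently
        // redirecting.
        error_log(sprintf(
            'authz denied: user=%s role=%s required=%s uri=%s',
            $_SESSION['login'] ?? '-',
            $_SESSION['role'] ?? '-',
            $required,
            $_SERVER['REQUEST_URI'] ?? '-'
        ));
        exit('Forbidden');
    }
}
```

The guard has to be included in every file under the admin directory, including pages that only process POST requests, because the vulnerability is the absence of a check on each endpoint rather than a flaw in any one of them. The role is compared against a value set from the database at login, so a client cannot influence it through the form field that populates `$_SESSION['login']`.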
