| عنوان | PHPGurukul Online Course Registration System ≤ 3.1 SQL Injection |
|---|
| الوصف | A critical SQL Injection vulnerability was discovered in PHPGurukul Online Course Registration System v3.1. The vulnerability exists in the file /onlinecourse/admin/manage-students.php, where the id GET parameter is directly concatenated into SQL queries without any input validation or sanitization. This affects the student deletion and password reset functions. An authenticated attacker can inject malicious SQL commands to extract sensitive data, delete records, or compromise the database. |
|---|
| المصدر | ⚠️ https://note-hxlab.wetolink.com/share/Tma34bofeB2L |
|---|
| المستخدم | angelkate (UID 94159) |
|---|
| ارسال | 07/01/2026 07:06 AM (5 أشهر منذ) |
|---|
| الاعتدال | 09/01/2026 10:40 AM (2 days later) |
|---|
| الحالة | مكرر |
|---|
| إدخال VulDB | 340130 [PHPGurukul Online Course Registration System حتى 3.1 manage-students.php id/cid حقن SQL] |
|---|
| النقاط | 0 |
|---|