Отправить #733331: PHPGurukul Online Course Registration System ≤ 3.1 SQL InjectionИнформация

НазваниеPHPGurukul Online Course Registration System ≤ 3.1 SQL Injection
ОписаниеA critical SQL Injection vulnerability was discovered in PHPGurukul Online Course Registration System v3.1. The vulnerability exists in the file /onlinecourse/admin/manage-students.php, where the id GET parameter is directly concatenated into SQL queries without any input validation or sanitization. This affects the student deletion and password reset functions. An authenticated attacker can inject malicious SQL commands to extract sensitive data, delete records, or compromise the database.
Источник⚠️ https://note-hxlab.wetolink.com/share/Tma34bofeB2L
Пользователь
 angelkate (UID 94159)
Представление07.01.2026 07:06 (5 месяцы назад)
Модерация09.01.2026 10:40 (2 days later)
СтатусДубликат
Запись VulDB340130 [PHPGurukul Online Course Registration System до 3.1 manage-students.php id/cid SQL-инъекция]
Баллы0

ПредыдущийОбзорДалее

Do you want to use VulDB in your project?

Use the official API to access entries easily!