Platform: php
Component: phpgurukul-online-course-registration
Fixed in: 3.1.1
A SQL Injection vulnerability has been discovered in PHPGurukul Online Course Registration version 3.1. The flaw resides in the /check_availability.php file and allows attackers to manipulate the 'cid' argument, potentially leading to unauthorized data access or modification. The vulnerability is remotely exploitable and a public exploit is available, increasing the risk of immediate attacks. Addressing this vulnerability requires upgrading to a patched version.
Successful exploitation of CVE-2026-5813 allows an attacker to inject arbitrary SQL code into the PHPGurukul Online Course Registration system. This could lead to a wide range of malicious activities, including unauthorized access to sensitive user data (student records, course details, payment information), modification of database records (altering grades, creating fake accounts), and potentially even gaining control of the underlying database server. The public availability of an exploit significantly increases the likelihood of widespread exploitation, particularly targeting systems with unpatched installations. The blast radius extends to all users of the vulnerable application and potentially the entire organization if the database contains critical business data.
This vulnerability is considered actively exploitable due to the public availability of a proof-of-concept. It was disclosed on 2026-04-08. The vulnerability has been added to the CISA KEV catalog, indicating a heightened risk of exploitation. Attackers are likely to leverage the readily available exploit to target vulnerable instances of PHPGurukul Online Course Registration.
Exploit Status
EPSS: 0.04% (12% percentile)
The primary mitigation for CVE-2026-5813 is to upgrade PHPGurukul Online Course Registration to a patched version. If an immediate upgrade is not feasible, implement temporary mitigations. Deploy a Web Application Firewall (WAF) with rules to filter potentially malicious SQL injection attempts targeting the 'cid' parameter in /check_availability.php. Implement strict input validation on the 'cid' parameter, ensuring it conforms to expected data types and lengths. Monitor application logs for suspicious SQL queries or error messages indicative of attempted exploitation. After the upgrade, confirm by attempting a controlled SQL injection test on /check_availability.php to verify the vulnerability is resolved.
Update PHPGurukul Online Course Registration to the latest available version to mitigate the SQL Injection vulnerability. Check the vendor's official sources for specific update instructions. Implement appropriate validation and escaping of user input in the /check_availability.php file to prevent future SQL Injections.
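The input validation and log monitoring described above, as an added example that is not PHPGurukul's code or part of the original advisory. It assumes 'cid' is a numeric id of at most 10 digits, that the web server writes Combined Log Format, and that 'cid' arrives in the query string; values sent in a POST body would need application or WAF logs instead.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/check_availability.php"    # endpoint named in the advisory
CID_ALLOWED = re.compile(r"[0-9]{1,10}")   # ASSUMPTION: cid is a short numeric id

# Combined Log Format: client ip first, request line in double quotes
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def cid_is_valid(value):
    """Allowlist check: the same rule the application should enforce before querying."""
    return CID_ALLOWED.fullmatch(value) is not None

def suspicious_requests(lines):
    """Return (client_ip, decoded_cid) for requests to TARGET_PATH whose cid fails the allowlist."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith(TARGET_PATH):
            continue
        # parse_qs percent-decodes values; keep_blank_values reports an empty cid too
        for value in parse_qs(url.query, keep_blank_values=True).get("cid", []):
            if not cid_is_valid(value):
                hits.append((m.group("ip"), value))
    return hits

# Constructed sample log lines (not real traffic; the /app/ prefix is hypothetical)
SAMPLE_LOG = [
    '203.0.113.5 - - [08/Apr/2026:10:00:01 +0000] "GET /check_availability.php?cid=42 HTTP/1.1" 200 31',
    '203.0.113.9 - - [08/Apr/2026:10:00:07 +0000] "GET /check_availability.php?cid=42%27 HTTP/1.1" 200 0',
    '203.0.113.9 - - [08/Apr/2026:10:00:09 +0000] "GET /app/check_availability.php?cid=7%20AND%201%3D1 HTTP/1.1" 200 31',
    '198.51.100.2 - - [08/Apr/2026:10:01:00 +0000] "GET /index.php?cid=abc HTTP/1.1" 200 512',
    '198.51.100.7 - - [08/Apr/2026:10:02:00 +0000] "POST /check_availability.php HTTP/1.1" 200 31',
]

if __name__ == "__main__":
    for ip, cid in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-conforming cid: {cid!r}")
```

A hit means the value failed the allowlist, not that exploitation succeeded; correlate with database errors and response sizes before escalating.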
CVE-2026-5813 is a SQL Injection vulnerability affecting PHPGurukul Online Course Registration version 3.1, allowing attackers to inject malicious SQL code through the 'cid' parameter in /check_availability.php.
You are affected if you are running PHPGurukul Online Course Registration version 3.1 and have not upgraded to a patched version. Immediate action is recommended.
The recommended fix is to upgrade to a patched version of PHPGurukul Online Course Registration. As a temporary measure, implement WAF rules and input validation.
Yes, CVE-2026-5813 is being actively exploited due to the public availability of a proof-of-concept exploit.
Please refer to the PHPGurukul website or security mailing lists for the official advisory regarding CVE-2026-5813.