{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-15406","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2026-01-01T08:46:38.268Z","datePublished":"2026-01-01T17:02:07.067Z","dateUpdated":"2026-02-23T08:02:11.264Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-23T08:02:11.264Z"},"title":"PHPGurukul Online Course Registration authorization","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-862","lang":"en","description":"Missing Authorization"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-863","lang":"en","description":"Incorrect Authorization"}]}],"affected":[{"vendor":"PHPGurukul","product":"Online Course Registration","versions":[{"version":"3.0","status":"affected"},{"version":"3.1","status":"affected"}],"cpes":["cpe:2.3:a:phpgurukul:online_course_registration:*:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2026-01-01T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2026-01-01T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2026-01-06T20:02:34.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"hackerfactory (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.339326","name":"VDB-339326 | PHPGurukul Online Course Registration authorization","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.339326","name":"VDB-339326 | CTI Indicators (IOB, IOC)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.728354","name":"Submit #728354 | PHPGurukul Online Course Registration v3.1 Missing Authorization","tags":["third-party-advisory"]},{"url":"https://github.com/rsecroot/Online-Course-Registration/blob/main/Broken%20Access%20Control.md","tags":["exploit"]},{"url":"https://phpgurukul.com/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-01-05T20:58:19.490248Z","id":"CVE-2025-15406","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-01-05T20:58:41.667Z"}}]}}