Key Vulnerability Information

Title: PHPGurukul Online Course Registration v3.1 Missing Authorization

Description:
- Vulnerability Type: Missing Authorization
- Product: PHPGurukul Online Course Registration System v3.1
- Issue: The system fails to verify user roles before serving administrative content, only checking if a user is authenticated.
- Vulnerable Code:
- Impact: Authenticated students can access administrative functions by navigating directly to admin URLs, leading to privilege escalation from student to administrator.
- Threat: An attacker with student privileges can gain administrative access, modify user data, manage courses, escalate privileges, and compromise the system.

Related Vulnerability: Follows the same pattern as CVE-2025-15390 (VDB-339151) affecting the CRM Application from the same vendor.

Source: GitHub Link
User: hackerfactory (UID 85869)
Submission Date: 12/31/2025 04:50 PM
Moderation Status: Awaiting moderation
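The issue described above (authentication is checked, the role is not), shown beside a deny-by-default role check. This is an added PHP example, not code from the report or from PHPGurukul; the session keys `login` and `role`, the role values and the redirect target are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Session keys 'login' and 'role' are hypothetical, not PHPGurukul's.

// Pattern from the report: only authentication is checked.
function weak_admin_guard(array $session): int
{
    return empty($session['login']) ? 302 : 200;
}

// Hardened: deny by default; the role must be set server-side at login
// (from the user record), never taken from request parameters.
function admin_guard(array $session, string $requiredRole = 'admin'): int
{
    if (empty($session['login'])) {
        return 302; // unauthenticated: send to login
    }
    $role = $session['role'] ?? null;
    if (!is_string($role) || $role !== $requiredRole) {
        return 403; // authenticated, but wrong or missing role
    }
    return 200;
}

// Call at the top of every admin script, before any output.
function enforce_admin(array $session): void
{
    $status = admin_guard($session);
    if ($status === 302) {
        header('Location: /index.php'); // assumed login page
        exit;
    }
    if ($status === 403) {
        http_response_code(403);
        exit('Forbidden');
    }
}

// Constructed sessions, compared on the command line only.
if (PHP_SAPI === 'cli') {
    $cases = [
        'anonymous' => [],
        'student'   => ['login' => 's1001', 'role' => 'student'],
        'no role'   => ['login' => 's1002'],
        'admin'     => ['login' => 'root', 'role' => 'admin'],
    ];
    foreach ($cases as $name => $session) {
        printf("%-9s weak=%d hardened=%d\n", $name, weak_admin_guard($session), admin_guard($session));
    }
}
```

Run from the command line, the student and role-less sessions get 200 from the weak guard and 403 from the hardened one; a session with no role at all is treated as unauthorized rather than defaulting to access.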