A high-severity vulnerability has been discovered in the PHPGurukul Online Course Registration software, which could allow an unauthenticated attacker to gain unauthorized access to sensitive database information. Successful exploitation could lead to a significant data breach, compromising student personal information, course data, and administrative credentials. Organizations are urged to apply the vendor-supplied security update immediately to mitigate this critical risk.

This vulnerability is a SQL Injection flaw within the web application's user interface. An unauthenticated remote attacker can exploit this by sending specially crafted SQL statements to input fields on public-facing pages, such as the user registration or course search forms. Because the application fails to properly sanitize this user-supplied input, the malicious queries are executed directly by the backend database, allowing the attacker to bypass authentication, exfiltrate sensitive data, modify database records, or potentially achieve remote code execution depending on the database configuration.

This vulnerability presents a significant risk to the organization, classified as High severity with a CVSS score of 7.3. A successful exploit could lead to a major data breach, exposing sensitive Personally Identifiable Information (PII) of students and faculty, financial details, and intellectual property related to course materials. The consequences include severe reputational damage, loss of customer trust, operational disruption, and potential legal and regulatory penalties for non-compliance with data protection standards like GDPR or FERPA.

Immediate Action: Identify all instances of the affected PHPGurukul Online Course Registration software within the environment. Apply the security updates provided by the vendor immediately to patch the vulnerability. After patching, verify that the application is functioning correctly.

Proactive Monitoring: Enhance monitoring of affected systems for signs of compromise or exploitation attempts. Review web server and database access logs for unusual or malformed SQL queries, especially those containing terms like UNION, SELECT, SLEEP(), or comment characters (--, #). Implement alerts for multiple failed login attempts or queries that generate database errors, as these can be indicators of an ongoing attack.

Compensating Controls: If immediate patching is not feasible, implement the following compensating controls to reduce the risk of exploitation:

• Deploy a Web Application Firewall (WAF) with rulesets designed to detect and block SQL Injection attacks.
• Restrict network access to the application, allowing connections only from trusted IP ranges if possible.
• Enforce the principle of least privilege for the database user account connected to the web application to limit the potential impact of a successful exploit.

Public Exploit Available: false

Given the high severity of this vulnerability (CVSS 7.3) and the risk of a significant data breach, we strongly recommend that organizations prioritize the immediate patching of all affected systems. While this vulnerability is not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog, its potential impact on data confidentiality and integrity warrants urgent action. If patching cannot be performed immediately, the compensating controls outlined above, particularly the use of a Web Application Firewall, should be implemented without delay to mitigate the immediate threat.