CVE Alert: CVE-2025-9729 – PHPGurukul – Online Course Registration

CVE-2025-9729

Severity: HIGH (no exploitation known)

A vulnerability was detected in PHPGurukul Online Course Registration 3.1. It affects unknown code in the file /admin/student-registration.php. Manipulating the argument studentname results in SQL injection. The attack can be carried out remotely. The exploit is now public and may be used.

CVSS v3.1 score: 7.3
Vendor: PHPGurukul
Product: Online Course Registration
Versions: 3.1
CWE: CWE-89, SQL Injection
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R
Published: 2025-08-31T12:32:07.485Z
Updated: 2025-08-31T12:32:07.485Z

AI Summary Analysis

Risk verdict

Remote SQL injection with a publicly available exploit presents high risk; urgency is elevated, and you should monitor for escalation. If KEV is true or EPSS ≥ 0.5, treat as priority 1.

Why this matters

Attackers could read or modify student registrations and related data, potentially exfiltrating personally identifiable information or disrupting enrolment workflows. The absence of authentication combined with network-facing exposure enables automated exploitation of the unsafely constructed database query, with possible downstream impact on audits, reporting, and student trust.

Most likely attack path

Attack vector is network-based (AV:N) with low attack complexity (AC:L) and no user interaction (UI:N). Privileges required are none (PR:N) and scope is unchanged (S:U), enabling direct manipulation via the vulnerable parameter. Public PoC increases likelihood of widespread attempts and automated scanning.

Who is most exposed

Publicly accessible PHP-based course registration components on common hosting stacks are at risk, especially where the admin endpoint (/admin/student-registration.php) is exposed to the internet or weakly protected.

Detection ideas

  • Web server and application logs show unusual SQL-like payloads in studentname parameters.
  • Increased 500/SQL error responses or database error messages surfacing in logs.
  • WAF alerts for SQL injection patterns (union/select, tautologies).
  • Sudden spikes in registration edits or failed login attempts targeting admin endpoints.
  • Repeated access from diverse IPs attempting similar payloads.
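The first detection ideas above (SQL-like payloads in the studentname parameter, 500 responses, and repeated attempts from several sources) as one log-scanning routine. This is an added example, not code from the advisory or from PHPGurukul; the log lines and IP addresses are constructed, and the affected path and parameter name are the ones the advisory names.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access-log lines (Combined Log Format); none are real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [31/Aug/2025:12:40:01 +0000] "GET /admin/student-registration.php?studentname=Alice HTTP/1.1" 200 512
203.0.113.11 - - [31/Aug/2025:12:40:05 +0000] "GET /admin/student-registration.php?studentname=%27%20OR%201%3D1--%20 HTTP/1.1" 500 233
203.0.113.12 - - [31/Aug/2025:12:40:09 +0000] "GET /admin/student-registration.php?studentname=x%27%20UNION%20SELECT%201%2C2%2C3--%20 HTTP/1.1" 500 233
203.0.113.13 - - [31/Aug/2025:12:40:12 +0000] "GET /index.php HTTP/1.1" 200 1024
203.0.113.11 - - [31/Aug/2025:12:40:15 +0000] "GET /admin/student-registration.php?studentname=O%27Brien HTTP/1.1" 200 512
"""

LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+$')
# Patterns from the advisory's detection ideas: union/select, numeric or string tautologies, comment terminators.
SQLI_RE = re.compile(r"(union\s+select|\bor\s+\d+\s*=\s*\d+|\bor\s+'[^']*'\s*=\s*'|--\s|/\*)", re.I)
VULN_PATH = "/admin/student-registration.php"   # path named in the advisory
VULN_PARAM = "studentname"                       # parameter named in the advisory

def parse_line(line):
    """Parse one Combined Log Format line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    url = urlparse(d["target"])
    d["path"] = url.path
    # parse_qs percent-decodes values, so '%27' becomes a literal quote here
    d["values"] = parse_qs(url.query, keep_blank_values=True).get(VULN_PARAM, [])
    return d

def classify(entry):
    """Indicator tags for one parsed entry: sqli_pattern and/or server_error."""
    tags = []
    if entry["path"] != VULN_PATH:
        return tags
    if any(SQLI_RE.search(v) for v in entry["values"]):
        tags.append("sqli_pattern")
    if entry["status"] == "500":
        tags.append("server_error")
    return tags

def scan(log_text):
    """Return (alerts, source_ips): alerts are (ip, decoded value, tags) for flagged requests."""
    alerts, ips = [], set()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and "sqli_pattern" in (tags := classify(e)):
            alerts.append((e["ip"], e["values"][0], tags))
            ips.add(e["ip"])
    return alerts, ips
```

A legitimate apostrophe (the O'Brien entry) is not flagged, which is the false positive a naive quote-character match would raise; the number of distinct source IPs in the returned set is what the "diverse IPs" idea keys on.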

Mitigation and prioritisation

  • Patch to fixed version or deploy vendor hotfix; verify with staging tests before production.
  • Enforce parameterised queries and prepared statements; audit data access paths.
  • Restrict DB credentials to least privilege; separate application and admin accounts; rotate keys.
  • Apply input validation and output encoding; disable or tightly guard direct admin access.
  • Implement network access controls and add WAF rules for SQLi patterns; monitor post-deployment. If KEV is true or EPSS ≥ 0.5, treat as priority 1.
