Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
4.8
PHPGurukul Student Record Management System: Remote Code Injection Risk
CVE-2026-3402
Summary
A security flaw in the PHPGurukul Student Record Management System allows hackers to inject malicious code into the system if they manipulate the 'Course Short Name' field. This could potentially lead to unauthorized access or data theft. To protect your system, update to a version of PHPGurukul Student Record Management System that is not affected by this issue, or consider replacing it with a more secure alternative.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| phpgurukul | student_record_system | 1.0 | – |
Original title
A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the a...
Original description
A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Name leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
nvd CVSS2.0
3.3
nvd CVSS3.1
4.8
nvd CVSS4.0
4.8
Vulnerability type
CWE-79
Cross-site Scripting (XSS)
CWE-94
Code Injection
- https://github.com/AS-AbdulSamad/CVEs/issues/2 Exploit Third Party Advisory Issue Tracking
- https://phpgurukul.com/ Product
- https://vuldb.com/?ctiid.348297 Permissions Required VDB Entry
- https://vuldb.com/?id.348297 Third Party Advisory VDB Entry
- https://vuldb.com/?submit.763323 Third Party Advisory VDB Entry
Published: 2 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026