{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2025-51414", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-15T17:42:00.712Z", "dateReserved": "2025-06-16T00:00:00.000Z", "datePublished": "2026-04-13T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T20:30:49.529Z"}, "descriptions": [{"lang": "en", "value": "In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/12T40910/CVE/issues/12"}, {"url": "https://medium.com/@tanushkushtk01/cve-2025-51414-unrestricted-file-upload-in-online-course-registration-v3-1-bd8b839be1d7"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-94", "lang": "en", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T17:41:56.218798Z", "id": "CVE-2025-51414", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T17:42:00.712Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-51414", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-04-15T17:41:56.218798Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94 Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T15:33:03.102Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/12T40910/CVE/issues/12"}, {"url": "https://medium.com/@tanushkushtk01/cve-2025-51414-unrestricted-file-upload-in-online-course-registration-v3-1-bd8b839be1d7"}], "descriptions": [{"lang": "en", "value": "In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-13T20:30:49.529Z"}}}, "cveMetadata": {"cveId": "CVE-2025-51414", "state": "PUBLISHED", "dateUpdated": "2026-04-15T17:42:00.712Z", "dateReserved": "2025-06-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-13T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page."}], "id": "CVE-2025-51414", "lastModified": "2026-04-17T15:33:34.050", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-13T21:16:23.610", "references": [{"source": "cve@mitre.org", "url": "https://github.com/12T40910/CVE/issues/12"}, {"source": "cve@mitre.org", "url": "https://medium.com/@tanushkushtk01/cve-2025-51414-unrestricted-file-upload-in-online-course-registration-v3-1-bd8b839be1d7"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 89.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "online_course_registration", "vendor": "phpgurukul"}], "analysis": {"en": {"generated_at": "2026-04-16T02:36:26.620098+00:00", "value": {"mitigation_remediation": ["Verify whether Phpgurukul has released a patch or upgrade for version 3.1 and apply it immediately.", "If a patch is not available, limit accepted file types by validating MIME type and file extension to approved image formats.", "Store uploaded files outside the web document root or configure server permissions so that uploaded files cannot be executed directly.", "Rename uploaded files to avoid name collisions and prevent executable code inclusion.", "Consider deploying a Web Application Firewall or similar security monitoring to detect and block suspicious file uploads."], "summary": {"action": "Apply Patch", "impact": "Unrestricted upload of user-supplied files may allow attackers to store and potentially execute malicious code on the web server"}, "threat_synthesis": {"affected_systems": "The vulnerability affects installations of Phpgurukul Online Course Registration version 3.1. Users who have deployed this version should assess whether the application is reachable via the public internet or internal networks and consider whether any access controls are in place for the profile picture upload area.", "description_and_impact": "An arbitrary file upload vulnerability exists in the profile picture upload feature of Phpgurukul Online Course Registration version 3.1, accessible through the /my-profile.php page. The flaw allows a user to upload any file type without restriction, creating a risk that malicious files can be stored on the server. If the application or server later processes the uploaded file in a way that permits execution, the attacker could inject code, compromise the application, or tamper with stored data.", "risk_and_exploitability": "The flaw is remotely exploitable through the web interface; an attacker only needs the ability to submit a file via the upload form on /my-profile.php. The CVSS score is 8.8, indicating high severity, while the EPSS score remains below 1% and the vulnerability is not listed in KEV. The nature of unrestricted file upload indicates that the vulnerability could enable severe impacts if the uploaded content is executed or processed improperly. Until an official patch is released, systems running the vulnerable application remain at risk."}}}}, "created": "2026-04-14T16:21:44.630131+00:00", "title": "Unrestricted File Upload in Phpgurukul Online Course Registration", "updated": "2026-04-16T02:45:06.082909+00:00", "vendors": ["phpgurukul", "phpgurukul$PRODUCT$online_course_registration"]}