CVE-2025-51414 - Vulnerability Details - OpenCVE

In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Key SSVC decision points have not yet been added.

Vendors	Products
Phpgurukul Subscribe	Online Course Registration Subscribe

No data.

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Phpgurukul Subscribe	Online Course Registration Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/12T40910/CVE/issues/12
https://medium.com/@tanushkushtk01/cve-2025-51414-unrestricted-file-upload-in-online-course-registration-v3-1-bd8b839be1d7

History

Tue, 14 Apr 2026 16:45:00 +0000

Type	Values Removed	Values Added
Title		Unrestricted File Upload in Profile Picture Upload of Online Course Registration v3.1
Weaknesses		CWE-434

Tue, 14 Apr 2026 16:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Phpgurukul Phpgurukul online Course Registration
Vendors & Products		Phpgurukul Phpgurukul online Course Registration

Mon, 13 Apr 2026 20:45:00 +0000

Type	Values Removed	Values Added
Description		In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page.
References		https://github.com/12T40910/CVE/issues/12 https://medium.com/@tanushkushtk01/cve-2025-51414-unrestricted-file-upload-in-online-course-registration-v3-1-bd8b839be1d7

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2026-04-13T00:00:00.000Z

Updated: 2026-04-13T20:30:49.529Z

Reserved: 2025-06-16T00:00:00.000Z

Link: CVE-2025-51414

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-04-13T21:16:23.610

Modified: 2026-04-13T21:16:23.610

Link: CVE-2025-51414

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-14T16:35:35Z

Weaknesses

CWE-434

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.1"}}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 89.0, "source": "matching"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "online_course_registration", "vendor": "phpgurukul"}], "analysis": {"en": {"generated_at": "2026-04-13T21:53:12.770538+00:00", "value": {"mitigation_remediation": ["Verify whether Phpgurukul has released a patch or upgrade for version 3.1 and apply it immediately.", "If a patch is not available, limit accepted file types by validating MIME type and file extension to approved image formats.", "Store uploaded files outside the web document root or configure server permissions so that uploaded files cannot be executed directly.", "Rename uploaded files to avoid name collisions and prevent executable code inclusion.", "Consider deploying a Web Application Firewall or similar security monitoring to detect and block suspicious file uploads."], "summary": {"action": "Apply Patch", "impact": "Unrestricted upload of user-supplied files may allow attackers to store and potentially execute malicious code on the web server"}, "threat_synthesis": {"affected_systems": "The vulnerability affects installations of Phpgurukul Online Course Registration version 3.1. Users who have deployed this version should assess whether the application is reachable via the public internet or internal networks and consider whether any access controls are in place for the profile picture upload area.", "description_and_impact": "An arbitrary file upload vulnerability exists in the profile picture upload feature of Phpgurukul Online Course Registration version 3.1, accessible through the /my-profile.php page. The flaw allows a user to upload any file type without restriction, creating a risk that malicious files can be stored on the server. If the application or server later processes the uploaded file in a way that permits execution, the attacker could inject code, compromise the application, or tamper with stored data.", "risk_and_exploitability": "The flaw is remotely exploitable through the web interface; an attacker only needs the ability to submit a file via the upload form on /my-profile.php. No CVSS score, EPSS metric, or KEV listing is provided, so the severity cannot be quantified from the available data. The nature of unrestricted file upload indicates that the vulnerability could enable severe impacts if the uploaded content is executed or processed improperly. Until an official patch is released, systems running the vulnerable application remain at risk."}}}}, "created": "2026-04-14T16:21:44.630131+00:00", "title": "Unrestricted File Upload in Profile Picture Upload of Online Course Registration v3.1", "updated": "2026-04-14T16:35:35.664872+00:00", "vendors": ["phpgurukul", "phpgurukul$PRODUCT$online_course_registration"], "weaknesses": ["CWE-434"]}