CVE-2025-12616Sensitive Information Exposure in News Portal

CWE-200Sensitive Information ExposureCWE-215Insertion of Sensitive Information Into Debugging Code3 documents3 sources
Severity
6.3MEDIUMNVD
EPSS
0.0%
top 86.03%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul News Portal
Timeline
PublishedNov 3

Description

A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5phpgurukul/news_portal1.0

🔴Vulnerability Details

2
GHSA
GHSA-pcp2-9pj8-878j: A vulnerability was detected in PHPGurukul News Portal 12025-11-03
CVEList
PHPGurukul News Portal settings.py insertion of sensitive information into debugging code2025-11-03
CVE-2025-12616 — Sensitive Information Exposure | cvebase