CVE-2026-1141 — Incorrect Privilege Assignment in News Portal

CWE-266 — Incorrect Privilege Assignment CWE-285 — Improper Authorization CWE-125 — Out-of-bounds Read CWE-190 — Integer Overflow or Wraparound4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.1%

top 76.15%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul News Portal

Timeline

PublishedJan 19

Latest updateFeb 25

Description

A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly available and might be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5phpgurukul/news_portal1.0

▶NVDphpgurukul/news_portal1.0

🔴Vulnerability Details

GHSA

ImageMagick: Integer Overflow in PSB (PSD v2) RLE decoding path causes heap Out of Bounds reads for 32-bit builds↗2026-02-25

▶

GHSA

GHSA-j6q4-mvcw-hpgm: A vulnerability was identified in PHPGurukul News Portal 1↗2026-01-19

▶

CVEList

PHPGurukul News Portal Add Sub-Admin add-subadmins.php improper authorization↗2026-01-19

▶