CVE-2026-1424

CWE-284Improper Access ControlCWE-434Unrestricted File Upload3 documents3 sources
Severity
5.1MEDIUM
EPSS
0.0%
top 94.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpgurukul News Portal
Timeline
PublishedJan 26

Description

A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

CVEListV5phpgurukul/news_portal1.0

🔴Vulnerability Details

2
CVEList
PHPGurukul News Portal Profile Pic unrestricted upload2026-01-26
GHSA
GHSA-jxwq-p5r5-4484: A vulnerability was identified in PHPGurukul News Portal 12026-01-26
CVE-2026-1424 (MEDIUM CVSS 5.1) | A vulnerability was identified in P | cvebase.io