Phpgurukul News Portal vulnerabilities

CVE-2026-1424 [MEDIUM] CWE-284 CVE-2026-1424: A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the co A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVE-2026-1142 [MEDIUM] CWE-352 CVE-2026-1142: A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknow A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.

CVE-2026-1141 [MEDIUM] CWE-266 CVE-2026-1141: A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown fun A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly available and might be used.

CVE-2025-69991 [CRITICAL] CWE-89 CVE-2025-69991: phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php. phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.

CVE-2025-69990 [CRITICAL] CWE-552 CVE-2025-69990: phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted.

CVE-2025-69992 [CRITICAL] CWE-125 CVE-2025-69992: phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication.

CVE-2025-12616 [MEDIUM] CWE-200 CVE-2025-12616: A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown funct A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as

CVE-2025-12615 [LOW] CWE-320 CVE-2025-12615: A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is de

CVE-2025-5370 [MEDIUM] CWE-74 CVE-2025-5370: A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vul A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-4873 [MEDIUM] CWE-74 CVE-2025-4873: A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and m

CVE-2025-4880 [MEDIUM] CWE-74 CVE-2025-4880: A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-4874 [MEDIUM] CWE-74 CVE-2025-4874: A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-1859 [MEDIUM] CWE-74 CVE-2025-1859: A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. Thi A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file /login.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-3768 [MEDIUM] CWE-89 CVE-2024-3768: A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Po A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The asso

CVE-2024-3767 [MEDIUM] CWE-74 CVE-2024-3767: A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability a A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2021-37808 [MEDIUM] CWE-89 CVE-2021-37808: SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) ca SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for