VYPR

News Portal

by Phpgurukul

CVEs (30)

  • CVE-2026-5837HigApr 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.

  • CVE-2026-3164HigFeb 25, 2026
    risk 0.47cvss 7.3epss 0.00

    A vulnerability was found in itsourcecode News Portal Project 1.0. This issue affects some unknown processing of the file /admin/contactus.php. The manipulation of the argument pagetitle results in sql injection. It is possible to launch the attack remotely. The exploit has been…

  • CVE-2026-3135HigFeb 25, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in itsourcecode News Portal Project 1.0. The impacted element is an unknown function of the file /admin/add-category.php. This manipulation of the argument Category causes sql injection. It is possible to initiate the attack remotely. The exploit…

  • CVE-2026-3134HigFeb 25, 2026
    risk 0.47cvss 7.3epss 0.00

    A security flaw has been discovered in itsourcecode News Portal Project 1.0. The affected element is an unknown function of the file /newsportal/admin/edit-category.php. The manipulation of the argument Category results in sql injection. The attack may be performed from remote.…

  • CVE-2026-2225HigFeb 9, 2026
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in itsourcecode News Portal Project 1.0. This vulnerability affects unknown code of the file /admin/index.php of the component Administrator Login. This manipulation of the argument email causes sql injection. The attack can be initiated remotely. The…

  • CVE-2026-1141MedJan 19, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit…

  • CVE-2025-12615MedNov 3, 2025
    risk 0.33cvss 5.0epss 0.00

    A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key . The attack may be performed from…

  • CVE-2026-5840MedApr 9, 2026
    risk 0.31cvss 4.7epss 0.00

    A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The…

  • CVE-2026-5839MedApr 9, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescription leads to sql injection. The attack may be launched remotely. The exploit is…

  • CVE-2026-5838MedApr 9, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername causes sql injection. The attack may be initiated remotely. The exploit has been…

  • CVE-2026-2162MedFeb 8, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed…

  • CVE-2026-1424MedJan 26, 2026
    risk 0.31cvss 4.7epss 0.00

    A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

  • CVE-2026-1142MedJan 19, 2026
    risk 0.28cvss 4.3epss 0.00

    A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for…

  • CVE-2025-12616LowNov 3, 2025
    risk 0.24cvss 3.7epss 0.00

    A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The…

  • CVE-2025-69991Jan 13, 2026
    risk 0.00cvss epss 0.00

    phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.

  • CVE-2025-69992Jan 13, 2026
    risk 0.00cvss epss 0.01

    phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication.

  • CVE-2025-69990Jan 13, 2026
    risk 0.00cvss epss 0.00

    phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted.

  • CVE-2025-5370May 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched…

  • CVE-2025-5252May 27, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul News Portal Project 4.1. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-subadmin.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely.…

  • CVE-2025-5251May 27, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in PHPGurukul News Portal Project 4.1. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the attack…

Page 1 of 2