Search criteria
16 vulnerabilities found for News Portal by PHPGurukul
CVE-2025-12616 (GCVE-0-2025-12616)
Vulnerability from cvelistv5 – Published: 2025-11-03 04:02 – Updated: 2025-11-03 20:34 X_Freeware
VLAI?
Title
PHPGurukul News Portal settings.py insertion of sensitive information into debugging code
Summary
A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
1.0
|
Credits
Nishant_Kumar (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12616",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T20:34:18.587633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T20:34:35.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Information%20Disclosure%20via%20Debug%20Mode.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nishant_Kumar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack\u0027s complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul News Portal 1.0 wurde eine Schwachstelle gefunden. Es ist betroffen eine unbekannte Funktion der Datei /onps/settings.py. Mittels Manipulieren mit unbekannten Daten kann eine insertion of sensitive information into debugging code-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-215",
"description": "Insertion of Sensitive Information Into Debugging Code",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T04:02:06.308Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-330910 | PHPGurukul News Portal settings.py insertion of sensitive information into debugging code",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.330910"
},
{
"name": "VDB-330910 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.330910"
},
{
"name": "Submit #678649 | PHPGurukul News Portal using Python Django and MySQL 1.0 Insertion of Sensitive Information Into Debugging Code",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.678649"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Information%20Disclosure%20via%20Debug%20Mode.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-11-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-02T14:19:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal settings.py insertion of sensitive information into debugging code"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12616",
"datePublished": "2025-11-03T04:02:06.308Z",
"dateReserved": "2025-11-02T13:14:51.791Z",
"dateUpdated": "2025-11-03T20:34:35.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12615 (GCVE-0-2025-12615)
Vulnerability from cvelistv5 – Published: 2025-11-03 03:32 – Updated: 2025-11-03 20:35 X_Freeware
VLAI?
Title
PHPGurukul News Portal settings.py hard-coded key
Summary
A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key
. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
1.0
|
Credits
Nishant_Kumar (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12615",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T20:34:58.326056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T20:35:20.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Hard-coded%20Cryptographic%20Key.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nishant_Kumar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key\r . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in PHPGurukul News Portal 1.0 entdeckt. Betroffen ist eine unbekannte Funktion der Datei /onps/settings.py. Mittels dem Manipulieren des Arguments SECRET_KEY mit unbekannten Daten kann eine use of hard-coded cryptographic key\r -Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-320",
"description": "Key Management Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T03:32:06.859Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-330909 | PHPGurukul News Portal settings.py hard-coded key",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.330909"
},
{
"name": "VDB-330909 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.330909"
},
{
"name": "Submit #678625 | PHPGurukul News Portal using Python Django and MySQL 1.0 Use of Hard-coded Cryptographic Key",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.678625"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Hard-coded%20Cryptographic%20Key.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-11-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-02T14:19:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal settings.py hard-coded key"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12615",
"datePublished": "2025-11-03T03:32:06.859Z",
"dateReserved": "2025-11-02T13:12:28.220Z",
"dateUpdated": "2025-11-03T20:35:20.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5370 (GCVE-0-2025-5370)
Vulnerability from cvelistv5 – Published: 2025-05-31 05:31 – Updated: 2025-06-02 15:49
VLAI?
Title
PHPGurukul News Portal forgot-password.php sql injection
Summary
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
Credits
Garmin0753 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5370",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T15:18:35.454662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:49:58.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/GarminYoung/myCVE/issues/5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Garmin0753 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul News Portal 4.1 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/forgot-password.php. Dank Manipulation des Arguments Username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-31T05:31:05.427Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310663 | PHPGurukul News Portal forgot-password.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310663"
},
{
"name": "VDB-310663 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310663"
},
{
"name": "Submit #587365 | PHPGurukul News Portal Project 4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.587365"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/GarminYoung/myCVE/issues/5"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-30T13:03:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal forgot-password.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5370",
"datePublished": "2025-05-31T05:31:05.427Z",
"dateReserved": "2025-05-30T10:58:48.547Z",
"dateUpdated": "2025-06-02T15:49:58.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4880 (GCVE-0-2025-4880)
Vulnerability from cvelistv5 – Published: 2025-05-18 13:00 – Updated: 2025-05-19 14:16
VLAI?
Title
PHPGurukul News Portal aboutus.php sql injection
Summary
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
Credits
-Schatten- (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4880",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:16:28.615323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:16:31.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Schatten-42/MyCVE/issues/8"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "-Schatten- (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul News Portal 4.1 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/aboutus.php. Durch die Manipulation des Arguments pagetitle mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-18T13:00:09.485Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-309433 | PHPGurukul News Portal aboutus.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.309433"
},
{
"name": "VDB-309433 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.309433"
},
{
"name": "Submit #576264 | PHPGurukul News Portal Project 4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.576264"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Schatten-42/MyCVE/issues/8"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-17T08:03:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal aboutus.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4880",
"datePublished": "2025-05-18T13:00:09.485Z",
"dateReserved": "2025-05-17T05:58:37.399Z",
"dateUpdated": "2025-05-19T14:16:31.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4873 (GCVE-0-2025-4873)
Vulnerability from cvelistv5 – Published: 2025-05-18 11:31 – Updated: 2025-05-19 14:18
VLAI?
Title
PHPGurukul News Portal Login index.php sql injection
Summary
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
Credits
-Schatten- (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4873",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:18:19.049714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:18:21.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Schatten-42/MyCVE/issues/6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Login"
],
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "-Schatten- (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul News Portal 4.1 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin/index.php der Komponente Login. Durch das Manipulieren des Arguments Username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-18T11:31:05.510Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-309415 | PHPGurukul News Portal Login index.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.309415"
},
{
"name": "VDB-309415 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.309415"
},
{
"name": "Submit #576244 | PHPGurukul News Portal Project 4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.576244"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Schatten-42/MyCVE/issues/6"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-16T21:42:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal Login index.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4873",
"datePublished": "2025-05-18T11:31:05.510Z",
"dateReserved": "2025-05-16T19:37:14.198Z",
"dateUpdated": "2025-05-19T14:18:21.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1859 (GCVE-0-2025-1859)
Vulnerability from cvelistv5 – Published: 2025-03-03 09:00 – Updated: 2025-03-03 12:33
VLAI?
Title
PHPGurukul News Portal login.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file /login.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
Credits
panghuanjie66 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1859",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T12:33:13.092350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T12:33:24.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panghuanjie66 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file /login.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPGurukul News Portal 4.1 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /login.php. Mittels dem Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T09:00:08.310Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298127 | PHPGurukul News Portal login.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298127"
},
{
"name": "VDB-298127 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298127"
},
{
"name": "Submit #506350 | PHPGurukul News Portal V4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.506350"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/panghuanjie/Code-audits/issues/2"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-02T21:32:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal login.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1859",
"datePublished": "2025-03-03T09:00:08.310Z",
"dateReserved": "2025-03-02T20:26:53.806Z",
"dateUpdated": "2025-03-03T12:33:24.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3768 (GCVE-0-2024-3768)
Vulnerability from cvelistv5 – Published: 2024-04-15 03:31 – Updated: 2024-08-01 20:20
VLAI?
Title
PHPGurukul/itsourcecode News Portal search.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
|||||||
|
|||||||||
Credits
Burak (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3768",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T16:19:00.616338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:19:23.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-260615 | PHPGurukul/itsourcecode News Portal search.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.260615"
},
{
"name": "VDB-260615 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.260615"
},
{
"name": "Submit #316291 | PHPGurukul News Portal 4.1 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.316291"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%204.md"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_b.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
},
{
"product": "News Portal",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Burak (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPGurukul/itsourcecode News Portal 4.1 entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei search.php. Durch die Manipulation des Arguments searchtitle mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-28T07:15:22.324Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-260615 | PHPGurukul/itsourcecode News Portal search.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.260615"
},
{
"name": "VDB-260615 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.260615"
},
{
"name": "Submit #316291 | PHPGurukul News Portal 4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.316291"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%204.md"
},
{
"tags": [
"related"
],
"url": "https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_b.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-14T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2024-04-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-28T09:20:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul/itsourcecode News Portal search.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3768",
"datePublished": "2024-04-15T03:31:04.399Z",
"dateReserved": "2024-04-14T19:43:26.649Z",
"dateUpdated": "2024-08-01T20:20:01.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3767 (GCVE-0-2024-3767)
Vulnerability from cvelistv5 – Published: 2024-04-15 03:00 – Updated: 2025-05-30 11:19
VLAI?
Title
PHPGurukul News Portal edit-post.php sql injection
Summary
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
6.3 (Medium)
6.3 (Medium)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
Credits
Burak (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:news_portal:4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "news_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3767",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T19:35:24.430659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T19:37:27.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-260614 | PHPGurukul News Portal edit-post.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.260614"
},
{
"name": "VDB-260614 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.260614"
},
{
"name": "Submit #316290 | PHPGurukul News Portal 4.1 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.316290"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%203.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Burak (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul News Portal 4.1 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /admin/edit-post.php. Mit der Manipulation des Arguments posttitle/category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T11:19:24.174Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-260614 | PHPGurukul News Portal edit-post.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.260614"
},
{
"name": "VDB-260614 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.260614"
},
{
"name": "Submit #316290 | PHPGurukul News Portal 4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.316290"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%203.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-14T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2024-04-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-30T13:24:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal edit-post.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3767",
"datePublished": "2024-04-15T03:00:05.339Z",
"dateReserved": "2024-04-14T19:43:13.935Z",
"dateUpdated": "2025-05-30T11:19:24.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12616 (GCVE-0-2025-12616)
Vulnerability from nvd – Published: 2025-11-03 04:02 – Updated: 2025-11-03 20:34 X_Freeware
VLAI?
Title
PHPGurukul News Portal settings.py insertion of sensitive information into debugging code
Summary
A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used.
Severity ?
CWE
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
1.0
|
Credits
Nishant_Kumar (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12616",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T20:34:18.587633Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T20:34:35.281Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Information%20Disclosure%20via%20Debug%20Mode.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nishant_Kumar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack\u0027s complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul News Portal 1.0 wurde eine Schwachstelle gefunden. Es ist betroffen eine unbekannte Funktion der Datei /onps/settings.py. Mittels Manipulieren mit unbekannten Daten kann eine insertion of sensitive information into debugging code-Schwachstelle ausgenutzt werden. Es ist m\u00f6glich, den Angriff aus der Ferne durchzuf\u00fchren. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie ist schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-215",
"description": "Insertion of Sensitive Information Into Debugging Code",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T04:02:06.308Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-330910 | PHPGurukul News Portal settings.py insertion of sensitive information into debugging code",
"tags": [
"vdb-entry"
],
"url": "https://vuldb.com/?id.330910"
},
{
"name": "VDB-330910 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.330910"
},
{
"name": "Submit #678649 | PHPGurukul News Portal using Python Django and MySQL 1.0 Insertion of Sensitive Information Into Debugging Code",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.678649"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Information%20Disclosure%20via%20Debug%20Mode.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-11-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-02T14:19:55.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal settings.py insertion of sensitive information into debugging code"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12616",
"datePublished": "2025-11-03T04:02:06.308Z",
"dateReserved": "2025-11-02T13:14:51.791Z",
"dateUpdated": "2025-11-03T20:34:35.281Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-12615 (GCVE-0-2025-12615)
Vulnerability from nvd – Published: 2025-11-03 03:32 – Updated: 2025-11-03 20:35 X_Freeware
VLAI?
Title
PHPGurukul News Portal settings.py hard-coded key
Summary
A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key
. The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
1.0
|
Credits
Nishant_Kumar (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12615",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-03T20:34:58.326056Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T20:35:20.857Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Hard-coded%20Cryptographic%20Key.md"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Nishant_Kumar (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key\r . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in PHPGurukul News Portal 1.0 entdeckt. Betroffen ist eine unbekannte Funktion der Datei /onps/settings.py. Mittels dem Manipulieren des Arguments SECRET_KEY mit unbekannten Daten kann eine use of hard-coded cryptographic key\r -Schwachstelle ausgenutzt werden. Ein Angriff ist aus der Distanz m\u00f6glich. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Sie gilt als schwierig auszunutzen. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 2.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.1,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-321",
"description": "Use of Hard-coded Cryptographic Key",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-320",
"description": "Key Management Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-03T03:32:06.859Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-330909 | PHPGurukul News Portal settings.py hard-coded key",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.330909"
},
{
"name": "VDB-330909 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.330909"
},
{
"name": "Submit #678625 | PHPGurukul News Portal using Python Django and MySQL 1.0 Use of Hard-coded Cryptographic Key",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.678625"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Hard-coded%20Cryptographic%20Key.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"tags": [
"x_freeware"
],
"timeline": [
{
"lang": "en",
"time": "2025-11-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-11-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-11-02T14:19:31.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal settings.py hard-coded key"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-12615",
"datePublished": "2025-11-03T03:32:06.859Z",
"dateReserved": "2025-11-02T13:12:28.220Z",
"dateUpdated": "2025-11-03T20:35:20.857Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-5370 (GCVE-0-2025-5370)
Vulnerability from nvd – Published: 2025-05-31 05:31 – Updated: 2025-06-02 15:49
VLAI?
Title
PHPGurukul News Portal forgot-password.php sql injection
Summary
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
Credits
Garmin0753 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5370",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-02T15:18:35.454662Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:49:58.789Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/GarminYoung/myCVE/issues/5"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Garmin0753 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul News Portal 4.1 wurde eine kritische Schwachstelle entdeckt. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/forgot-password.php. Dank Manipulation des Arguments Username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-31T05:31:05.427Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-310663 | PHPGurukul News Portal forgot-password.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.310663"
},
{
"name": "VDB-310663 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.310663"
},
{
"name": "Submit #587365 | PHPGurukul News Portal Project 4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.587365"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/GarminYoung/myCVE/issues/5"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-30T13:03:51.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal forgot-password.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-5370",
"datePublished": "2025-05-31T05:31:05.427Z",
"dateReserved": "2025-05-30T10:58:48.547Z",
"dateUpdated": "2025-06-02T15:49:58.789Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4880 (GCVE-0-2025-4880)
Vulnerability from nvd – Published: 2025-05-18 13:00 – Updated: 2025-05-19 14:16
VLAI?
Title
PHPGurukul News Portal aboutus.php sql injection
Summary
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
Credits
-Schatten- (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4880",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:16:28.615323Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:16:31.605Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Schatten-42/MyCVE/issues/8"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "-Schatten- (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul News Portal 4.1 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Dabei geht es um eine nicht genauer bekannte Funktion der Datei /admin/aboutus.php. Durch die Manipulation des Arguments pagetitle mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-18T13:00:09.485Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-309433 | PHPGurukul News Portal aboutus.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.309433"
},
{
"name": "VDB-309433 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.309433"
},
{
"name": "Submit #576264 | PHPGurukul News Portal Project 4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.576264"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Schatten-42/MyCVE/issues/8"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-17T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-17T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-17T08:03:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal aboutus.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4880",
"datePublished": "2025-05-18T13:00:09.485Z",
"dateReserved": "2025-05-17T05:58:37.399Z",
"dateUpdated": "2025-05-19T14:16:31.605Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-4873 (GCVE-0-2025-4873)
Vulnerability from nvd – Published: 2025-05-18 11:31 – Updated: 2025-05-19 14:18
VLAI?
Title
PHPGurukul News Portal Login index.php sql injection
Summary
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
Credits
-Schatten- (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-4873",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-19T14:18:19.049714Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-19T14:18:21.507Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/Schatten-42/MyCVE/issues/6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Login"
],
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "-Schatten- (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul News Portal 4.1 wurde eine Schwachstelle gefunden. Sie wurde als kritisch eingestuft. Es geht um eine nicht n\u00e4her bekannte Funktion der Datei /admin/index.php der Komponente Login. Durch das Manipulieren des Arguments Username mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-18T11:31:05.510Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-309415 | PHPGurukul News Portal Login index.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.309415"
},
{
"name": "VDB-309415 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.309415"
},
{
"name": "Submit #576244 | PHPGurukul News Portal Project 4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.576244"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/Schatten-42/MyCVE/issues/6"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-05-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-05-16T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-16T21:42:17.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal Login index.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-4873",
"datePublished": "2025-05-18T11:31:05.510Z",
"dateReserved": "2025-05-16T19:37:14.198Z",
"dateUpdated": "2025-05-19T14:18:21.507Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1859 (GCVE-0-2025-1859)
Vulnerability from nvd – Published: 2025-03-03 09:00 – Updated: 2025-03-03 12:33
VLAI?
Title
PHPGurukul News Portal login.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file /login.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
Credits
panghuanjie66 (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1859",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-03T12:33:13.092350Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T12:33:24.270Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "panghuanjie66 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file /login.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPGurukul News Portal 4.1 entdeckt. Sie wurde als kritisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /login.php. Mittels dem Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 7.3,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 7.5,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-03T09:00:08.310Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-298127 | PHPGurukul News Portal login.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.298127"
},
{
"name": "VDB-298127 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.298127"
},
{
"name": "Submit #506350 | PHPGurukul News Portal V4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.506350"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/panghuanjie/Code-audits/issues/2"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-03-02T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-03-02T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-02T21:32:04.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal login.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-1859",
"datePublished": "2025-03-03T09:00:08.310Z",
"dateReserved": "2025-03-02T20:26:53.806Z",
"dateUpdated": "2025-03-03T12:33:24.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3768 (GCVE-0-2024-3768)
Vulnerability from nvd – Published: 2024-04-15 03:31 – Updated: 2024-08-01 20:20
VLAI?
Title
PHPGurukul/itsourcecode News Portal search.php sql injection
Summary
A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615.
Severity ?
6.3 (Medium)
6.3 (Medium)
CWE
- CWE-89 - SQL Injection
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | |||||||
|---|---|---|---|---|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
|||||||
|
|||||||||
Credits
Burak (VulDB User)
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3768",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-12T16:19:00.616338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-12T16:19:23.976Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.861Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-260615 | PHPGurukul/itsourcecode News Portal search.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.260615"
},
{
"name": "VDB-260615 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.260615"
},
{
"name": "Submit #316291 | PHPGurukul News Portal 4.1 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.316291"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%204.md"
},
{
"tags": [
"related",
"x_transferred"
],
"url": "https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_b.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
},
{
"product": "News Portal",
"vendor": "itsourcecode",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Burak (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as critical, has been found in PHPGurukul/itsourcecode News Portal 4.1. This issue affects some unknown processing of the file search.php. The manipulation of the argument searchtitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260615."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in PHPGurukul/itsourcecode News Portal 4.1 entdeckt. Sie wurde als kritisch eingestuft. Davon betroffen ist unbekannter Code der Datei search.php. Durch die Manipulation des Arguments searchtitle mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-28T07:15:22.324Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-260615 | PHPGurukul/itsourcecode News Portal search.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.260615"
},
{
"name": "VDB-260615 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.260615"
},
{
"name": "Submit #316291 | PHPGurukul News Portal 4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.316291"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%204.md"
},
{
"tags": [
"related"
],
"url": "https://github.com/L1OudFd8cl09/CVE/blob/main/25_07_2024_b.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-14T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2024-04-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-07-28T09:20:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul/itsourcecode News Portal search.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3768",
"datePublished": "2024-04-15T03:31:04.399Z",
"dateReserved": "2024-04-14T19:43:26.649Z",
"dateUpdated": "2024-08-01T20:20:01.861Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-3767 (GCVE-0-2024-3767)
Vulnerability from nvd – Published: 2024-04-15 03:00 – Updated: 2025-05-30 11:19
VLAI?
Title
PHPGurukul News Portal edit-post.php sql injection
Summary
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity ?
6.3 (Medium)
6.3 (Medium)
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| PHPGurukul | News Portal |
Affected:
4.1
|
Credits
Burak (VulDB User)
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:phpgurukul:news_portal:4.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "news_portal",
"vendor": "phpgurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-3767",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T19:35:24.430659Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T19:37:27.455Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:20:01.783Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-260614 | PHPGurukul News Portal edit-post.php sql injection",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.260614"
},
{
"name": "VDB-260614 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.260614"
},
{
"name": "Submit #316290 | PHPGurukul News Portal 4.1 SQL Injection",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.316290"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%203.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "News Portal",
"vendor": "PHPGurukul",
"versions": [
{
"status": "affected",
"version": "4.1"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Burak (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "In PHPGurukul News Portal 4.1 wurde eine Schwachstelle entdeckt. Sie wurde als kritisch eingestuft. Hierbei betrifft es unbekannten Programmcode der Datei /admin/edit-post.php. Mit der Manipulation des Arguments posttitle/category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff \u00fcber das Netzwerk. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-05-30T11:19:24.174Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-260614 | PHPGurukul News Portal edit-post.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.260614"
},
{
"name": "VDB-260614 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.260614"
},
{
"name": "Submit #316290 | PHPGurukul News Portal 4.1 SQL Injection",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.316290"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BurakSevben/CVEs/blob/main/News%20Portal/News%20Portal%20-%20SQL%20Injection%20-%203.md"
},
{
"tags": [
"product"
],
"url": "https://phpgurukul.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-04-14T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-04-14T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2024-04-14T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-05-30T13:24:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "PHPGurukul News Portal edit-post.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-3767",
"datePublished": "2024-04-15T03:00:05.339Z",
"dateReserved": "2024-04-14T19:43:13.935Z",
"dateUpdated": "2025-05-30T11:19:24.174Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}