Severity by source
AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.
AnalysisAI
SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. Affected products include: Phpgurukul News Portal.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in News Portal
View allphpgurukul News Portal V4.1 allows unauthenticated upload of any file type via upload.php. The third critical vulnerabil
phpgurukul News Portal V4.1 has SQL injection in check_availablity.php. PoC available.
phpgurukul News Portal V4.1 allows unauthenticated arbitrary file deletion via remove_file.php. Attackers can delete any
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Rated medium severity (CVSS 6.9
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Rated medium severity (CVSS 6.9
A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1.php. Rated medium severi
PHPGurukul News Portal 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to
Unrestricted file upload in PHPGurukul News Portal 1.0's profile picture handler allows remote attackers to upload arbit
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today