News Portal
CVE-2026-1424
LOW
Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
5DescriptionCVE.org
A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
AnalysisAI
Unrestricted file upload in PHPGurukul News Portal 1.0's profile picture handler allows remote attackers to upload arbitrary files with high-level privileges. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could potentially upload malicious files to compromise the application or underlying system.
Technical ContextAI
Classified as CWE-284 (Improper Access Control). Affects News Portal. A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
More in News Portal
View allphpgurukul News Portal V4.1 allows unauthenticated upload of any file type via upload.php. The third critical vulnerabil
phpgurukul News Portal V4.1 has SQL injection in check_availablity.php. PoC available.
phpgurukul News Portal V4.1 allows unauthenticated arbitrary file deletion via remove_file.php. Attackers can delete any
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Rated medium severity (CVSS 6.9
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Rated medium severity (CVSS 6.9
A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1.php. Rated medium severi
SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcateg
PHPGurukul News Portal 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to
Same weakness CWE-284 – Improper Access Control
View allSame technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today