EUVD-2026-20836
GHSA-54vp-xc4p-3x7w
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Tags
Description
A vulnerability was found in PHPGurukul News Portal Project 4.1. This affects an unknown part of the file /news-details.php. The manipulation of the argument Comment results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
Analysis
SQL injection in PHPGurukul News Portal Project 4.1 allows unauthenticated remote attackers to extract, modify, or delete database contents through the Comment parameter in /news-details.php. CVSS 7.3 severity with network-accessible attack vector requiring no authentication or user interaction. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all systems running PHPGurukul News Portal 4.1 and isolate or disable the /news-details.php comment functionality. Within 7 days: Implement Web Application Firewall (WAF) rules blocking SQL injection patterns in the comment parameter and conduct database access audit for unauthorized modifications. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today