News Portal
Monthly
Unrestricted file upload in PHPGurukul News Portal 1.0's profile picture handler allows remote attackers to upload arbitrary files with high-level privileges. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could potentially upload malicious files to compromise the application or underlying system.
PHPGurukul News Portal 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated users through crafted requests. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The flaw affects the integrity of user actions but does not compromise confidentiality or availability.
PHPGurukul News Portal 1.0 contains an authorization bypass in the /admin/add-subadmins.php component that allows authenticated attackers to gain unauthorized access and modify system data. Public exploit code exists for this vulnerability, making it readily exploitable by remote actors. A patch is not currently available, leaving installations vulnerable until an update is released.
phpgurukul News Portal V4.1 allows unauthenticated upload of any file type via upload.php. The third critical vulnerability in this application alongside file deletion and SQL injection. PoC available.
phpgurukul News Portal V4.1 has SQL injection in check_availablity.php. PoC available.
phpgurukul News Portal V4.1 allows unauthenticated arbitrary file deletion via remove_file.php. Attackers can delete any file on the server. PoC available.
A vulnerability was detected in PHPGurukul News Portal 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in PHPGurukul News Portal 1.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Unrestricted file upload in PHPGurukul News Portal 1.0's profile picture handler allows remote attackers to upload arbitrary files with high-level privileges. Public exploit code exists for this vulnerability, and no patch is currently available. An authenticated attacker could potentially upload malicious files to compromise the application or underlying system.
PHPGurukul News Portal 1.0 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to perform unauthorized actions on behalf of authenticated users through crafted requests. Public exploit code exists for this vulnerability, increasing the risk of active exploitation. The flaw affects the integrity of user actions but does not compromise confidentiality or availability.
PHPGurukul News Portal 1.0 contains an authorization bypass in the /admin/add-subadmins.php component that allows authenticated attackers to gain unauthorized access and modify system data. Public exploit code exists for this vulnerability, making it readily exploitable by remote actors. A patch is not currently available, leaving installations vulnerable until an update is released.
phpgurukul News Portal V4.1 allows unauthenticated upload of any file type via upload.php. The third critical vulnerability in this application alongside file deletion and SQL injection. PoC available.
phpgurukul News Portal V4.1 has SQL injection in check_availablity.php. PoC available.
phpgurukul News Portal V4.1 allows unauthenticated arbitrary file deletion via remove_file.php. Attackers can delete any file on the server. PoC available.
A vulnerability was detected in PHPGurukul News Portal 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in PHPGurukul News Portal 1.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1.php. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.