News Portal Project
Monthly
SQL injection in PHPGurukul News Portal Project 4.1 allows authenticated remote attackers to manipulate the Username parameter in /admin/check_availability.php, enabling data exfiltration and potential database modification. The vulnerability requires high-privilege administrative access; publicly available exploit code exists and may be actively used in attacks.
SQL injection in PHPGurukul News Portal Project 4.1 allows authenticated remote attackers with high privileges to manipulate the sucatdescription parameter in /admin/add-subcategory.php, enabling unauthorized database query execution with limited confidentiality, integrity, and availability impact. Publicly available exploit code exists and the CVSS vector indicates proof-of-concept availability (E:P), though this is a low-severity vulnerability (CVSS 4.7) constrained by high administrative privilege requirements.
SQL injection in PHPGurukul News Portal Project 4.1 allows remote authenticated administrators to execute arbitrary SQL queries via the sadminusername parameter in /admin/add-subadmins.php. The vulnerability is publicly disclosed with exploit code available, though exploitation requires high-privilege admin access (PR:H) and carries low to moderate real-world risk despite a CVSS score of 4.7.
SQL injection in PHPGurukul News Portal Project 4.1 allows unauthenticated remote attackers to extract, modify, or delete database contents through the Comment parameter in /news-details.php. CVSS 7.3 severity with network-accessible attack vector requiring no authentication or user interaction. Publicly available exploit code exists. Attackers can compromise confidentiality, integrity, and availability of application data through crafted SQL payloads in comment submission functionality.
SQL injection in the News Portal Project 1.0 /admin/contactus.php endpoint allows unauthenticated remote attackers to manipulate the pagetitle parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable data theft, modification, or denial of service against affected installations.
SQL injection in itsourcecode News Portal Project 1.0 via the Category parameter in /admin/add-category.php allows unauthenticated remote attackers to manipulate database queries. Public exploit code is available for this vulnerability, and no patch has been released, leaving affected installations vulnerable to data exfiltration, modification, or deletion. The attack requires no user interaction and can be executed over the network with a CVSS score of 7.3.
SQL injection in itsourcecode News Portal Project 1.0's category editing functionality allows unauthenticated remote attackers to manipulate the Category parameter and execute arbitrary SQL queries. Public exploit code is available for this vulnerability, increasing the likelihood of active exploitation. Currently, no patch is available to remediate this issue.
SQL injection in the News Portal Project 1.0 administrator login interface allows unauthenticated remote attackers to manipulate the email parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker could exploit this to extract sensitive data, modify database contents, or potentially escalate privileges within the application.
SQL injection in the News Portal Project 1.0 admin panel (/admin/aboutus.php) allows authenticated attackers with high privileges to manipulate the pagetitle parameter and execute arbitrary SQL queries, potentially compromising database integrity and confidentiality. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid administrative credentials but no user interaction.
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in PHPGurukul News Portal Project 4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in PHPGurukul News Portal Project 4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
SQL injection in PHPGurukul News Portal Project 4.1 allows authenticated remote attackers to manipulate the Username parameter in /admin/check_availability.php, enabling data exfiltration and potential database modification. The vulnerability requires high-privilege administrative access; publicly available exploit code exists and may be actively used in attacks.
SQL injection in PHPGurukul News Portal Project 4.1 allows authenticated remote attackers with high privileges to manipulate the sucatdescription parameter in /admin/add-subcategory.php, enabling unauthorized database query execution with limited confidentiality, integrity, and availability impact. Publicly available exploit code exists and the CVSS vector indicates proof-of-concept availability (E:P), though this is a low-severity vulnerability (CVSS 4.7) constrained by high administrative privilege requirements.
SQL injection in PHPGurukul News Portal Project 4.1 allows remote authenticated administrators to execute arbitrary SQL queries via the sadminusername parameter in /admin/add-subadmins.php. The vulnerability is publicly disclosed with exploit code available, though exploitation requires high-privilege admin access (PR:H) and carries low to moderate real-world risk despite a CVSS score of 4.7.
SQL injection in PHPGurukul News Portal Project 4.1 allows unauthenticated remote attackers to extract, modify, or delete database contents through the Comment parameter in /news-details.php. CVSS 7.3 severity with network-accessible attack vector requiring no authentication or user interaction. Publicly available exploit code exists. Attackers can compromise confidentiality, integrity, and availability of application data through crafted SQL payloads in comment submission functionality.
SQL injection in the News Portal Project 1.0 /admin/contactus.php endpoint allows unauthenticated remote attackers to manipulate the pagetitle parameter and execute arbitrary SQL queries. Public exploit code exists for this vulnerability, and no patch is currently available. Successful exploitation could enable data theft, modification, or denial of service against affected installations.
SQL injection in itsourcecode News Portal Project 1.0 via the Category parameter in /admin/add-category.php allows unauthenticated remote attackers to manipulate database queries. Public exploit code is available for this vulnerability, and no patch has been released, leaving affected installations vulnerable to data exfiltration, modification, or deletion. The attack requires no user interaction and can be executed over the network with a CVSS score of 7.3.
SQL injection in itsourcecode News Portal Project 1.0's category editing functionality allows unauthenticated remote attackers to manipulate the Category parameter and execute arbitrary SQL queries. Public exploit code is available for this vulnerability, increasing the likelihood of active exploitation. Currently, no patch is available to remediate this issue.
SQL injection in the News Portal Project 1.0 administrator login interface allows unauthenticated remote attackers to manipulate the email parameter and execute arbitrary database queries. Public exploit code exists for this vulnerability, and no patch is currently available. An attacker could exploit this to extract sensitive data, modify database contents, or potentially escalate privileges within the application.
SQL injection in the News Portal Project 1.0 admin panel (/admin/aboutus.php) allows authenticated attackers with high privileges to manipulate the pagetitle parameter and execute arbitrary SQL queries, potentially compromising database integrity and confidentiality. Public exploit code exists for this vulnerability, and no patch is currently available. The attack requires network access and valid administrative credentials but no user interaction.
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in PHPGurukul News Portal Project 4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in PHPGurukul News Portal Project 4.1. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability has been found in PHPGurukul News Portal Project 4.1 and classified as critical. Rated medium severity (CVSS 6.9), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.