PHPGurukul News Portal
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in PHPGurukul News Portal.
By the Year
In 2026 there have been 4 vulnerabilities in PHPGurukul News Portal with an average score of 6.1 out of ten. Last year, in 2025 News Portal had 7 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in News Portal in 2026 could surpass last years number. Last year, the average CVE base score was greater by 2.14
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 4 | 6.10 |
| 2025 | 7 | 8.24 |
| 2024 | 1 | 8.80 |
| 2023 | 0 | 0.00 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 5.90 |
It may take a day or so for new News Portal vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent PHPGurukul News Portal Security Vulnerabilities
PHPGurukul News Portal 1.0 - Unrestricted File Upload via Profile Pic Handler
CVE-2026-1424
4.7 - Medium
- January 26, 2026
A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
Unrestricted File Upload
XSRF via unknown function in PHPGurukul News Portal 1.0
CVE-2026-1142
4.3 - Medium
- January 19, 2026
A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Session Riding
PHPGurukul 1.0 Add Sub-Admin Page Improper Auth (Remote)
CVE-2026-1141
6.3 - Medium
- January 19, 2026
A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly available and might be used.
AuthZ
phpgurukul News Portal V4.1 Arbitrary File Deletion via remove_file.php
CVE-2025-69990
9.1 - Critical
- January 13, 2026
phpgurukul News Portal Project V4.1 has an Arbitrary File Deletion Vulnerability in remove_file.php. The parameter file can cause any file to be deleted.
Files or Directories Accessible to External Parties
PHPGurukul News Portal 1.0 Debug Code Injection CVE-2025-12616
CVE-2025-12616
3.7 - Low
- November 03, 2025
A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used.
Insertion of Sensitive Information Into Debugging Code
PHPGurukul News Portal 1.0 Hard-Coded SECRET_KEY via settings.py
CVE-2025-12615
5 - Medium
- November 03, 2025
A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used.
Use of Hard-coded Cryptographic Key
Critical SQLi in PHPGurukul News Portal 4.1 (/admin/edit-subcategory.php)
CVE-2025-5251
9.8 - Critical
- May 27, 2025
A vulnerability was found in PHPGurukul News Portal Project 4.1. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi in PHPGurukul News Portal 4.1 /admin/aboutus.php
CVE-2025-4880
9.8 - Critical
- May 18, 2025
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul NP 4.1 SQLi in admin/contactus.php pagetitle
CVE-2025-4874
9.8 - Critical
- May 18, 2025
A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
PHPGurukul News Portal 4.1 Login /admin/index.php SQLi Remote Exploit
CVE-2025-4873
9.8 - Critical
- May 18, 2025
A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi in PHPGurukul News Portal 4.1 via login.php id param
CVE-2025-1859
9.8 - Critical
- March 03, 2025
A vulnerability, which was classified as critical, has been found in PHPGurukul News Portal 4.1. This issue affects some unknown processing of the file /login.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Critical SQLi in PHPGurukul News Portal 4.1 via /admin/edit-post.php
CVE-2024-3767
8.8 - High
- April 15, 2024
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1
CVE-2021-37808
5.9 - Medium
- October 27, 2021
SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database.
SQL Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for PHPGurukul News Portal or by PHPGurukul? Click the Watch button to subscribe.
