PHPGurukul News Portal 1.0 Debug Code Injection CVE-2025-12616
CVE-2025-12616 Published on November 3, 2025
PHPGurukul News Portal settings.py insertion of sensitive information into debugging code
A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used.
Timeline
Advisory disclosed
VulDB entry created
VulDB entry last update 3 days later.
Weakness Types
Insertion of Sensitive Information Into Debugging Code
The application inserts sensitive information into debugging code, which could expose this information if the debugging code is not disabled in production. When debugging, it may be necessary to report detailed information to the programmer. However, if the debugging code is not disabled when the application is operating in a production environment, then this sensitive information may be exposed to attackers.
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2025-12616 has been classified to as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2025-12616
Want to know whenever a new CVE is published for PHPGurukul News Portal? stack.watch will email you.
Affected Versions
PHPGurukul News Portal Version 1.0 is affected by CVE-2025-12616Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.