Filtered by vendor Phpgurukul
Subscriptions
Filtered by product News Portal
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3767 | 1 Phpgurukul | 2 News Portal, News Portal Project | 2025-05-30 | 6.3 Medium |
| A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. This vulnerability affects unknown code of the file /admin/edit-post.php. The manipulation of the argument posttitle/category leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4873 | 1 Phpgurukul | 1 News Portal | 2025-05-21 | 7.3 High |
| A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4874 | 1 Phpgurukul | 1 News Portal | 2025-05-21 | 7.3 High |
| A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2025-4880 | 1 Phpgurukul | 1 News Portal | 2025-05-21 | 7.3 High |
| A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | ||||
| CVE-2021-37808 | 1 Phpgurukul | 1 News Portal | 2024-11-21 | 5.9 Medium |
| SQL Injection vulnerabilities exist in https://phpgurukul.com News Portal Project 3.1 via the (1) category, (2) subcategory, (3) sucatdescription, and (4) username parameters, the server response is about (N) seconds delay respectively which mean it is vulnerable to MySQL Blind (Time Based). An attacker can use sqlmap to further the exploitation for extracting sensitive information from the database. | ||||
Page 1 of 1.