Description
A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Published: 2026-01-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Cross‑Site Request Forgery enabling unauthorized actions within the News Portal
Action: Apply Patch
AI Analysis

Impact

A security flaw exists in an unknown function of PHPGurukul News Portal 1.0 that accepts manipulated input and triggers cross‑site request forgery. An attacker can forge state‑changing requests from an authenticated user, allowing arbitrary data modification or privilege escalation. The weakness aligns with CWE‑352 and indicates that request integrity was not validated.

Affected Systems

The flaw affects PHPGurukul News Portal version 1.0, the only release identified in the advisory. The product is hosted on the PHPGurukul website and its source code is publicly available.

Risk and Exploitability

The CVSS base score is 5.3, indicating moderate risk. The EPSS score is below 1%, suggesting a low likelihood of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Remote exploitation is possible through web requests, so the attack vector is believed to be network.

Generated by OpenCVE AI on April 18, 2026 at 05:19 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available patch or upgrade to a later release of PHPGurukul News Portal
  • Implement CSRF protection, such as synchronizer tokens or same‑site cookies, to guard against forged requests
  • Disable or remove the vulnerable function in the codebase if patch or upgrade is not feasible

Generated by OpenCVE AI on April 18, 2026 at 05:19 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 23 Feb 2026 08:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:phpgurukul:news_portal:*:*:*:*:*:*:*:*

Tue, 27 Jan 2026 20:00:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:phpgurukul:news_portal:1.0:*:*:*:*:*:*:*

Tue, 20 Jan 2026 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 20 Jan 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Phpgurukul
Phpgurukul news Portal
Vendors & Products Phpgurukul
Phpgurukul news Portal

Mon, 19 Jan 2026 06:45:00 +0000

Type Values Removed Values Added
Description A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Title PHPGurukul News Portal cross-site request forgery
Weaknesses CWE-352
CWE-862
References
Metrics cvssV2_0

{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Phpgurukul News Portal
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-02-23T08:43:11.586Z

Reserved: 2026-01-18T07:36:46.643Z

Link: CVE-2026-1142

cve-icon Vulnrichment

Updated: 2026-01-20T21:27:18.451Z

cve-icon NVD

Status : Analyzed

Published: 2026-01-19T07:16:22.457

Modified: 2026-04-29T01:00:01.613

Link: CVE-2026-1142

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-18T05:30:25Z

Weaknesses