Description
A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Published: 2026-04-09
Score: 5.1 Medium
EPSS: n/a
KEV: No
Impact: Remote SQL Injection
Action: Patch Immediately
AI Analysis

Impact

The vulnerability resides in the add-subadmins.php file of PHPGurukul News Portal Project version 4.1. An attacker can manipulate the sadminusername parameter to inject arbitrary SQL. This flaw allows unauthorized retrieval, modification, or deletion of database contents and can enable privilege escalation on the application. The impact is a compromise of data confidentiality, integrity, and possibly availability.

Affected Systems

PHPGurukul News Portal Project, version 4.1.

Risk and Exploitability

The CVSS score of 5.1 indicates moderate severity. The EPSS score is not reported and the vulnerability is not listed in the CISA KEV catalog. Exploitation can be initiated remotely via HTTP requests to /admin/add-subadmins.php with a crafted sadminusername value. If the application is publicly accessible, attackers can easily trigger the injection without additional prerequisites.

Generated by OpenCVE AI on April 9, 2026 at 05:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest patch or version update for PHPGurukul News Portal Project that addresses the SQL injection in add‑subadmins.php.
  • If an update is unavailable, restrict access to /admin/add-subadmins.php to authorized administrative IP addresses or enforce strong authentication before allowing access to that endpoint.
  • Implement input validation or parameterized queries for the sadminusername field to eliminate the possibility of SQL injection.
  • Deploy a web application firewall capable of detecting and blocking anomalous SQL injection payloads.

Generated by OpenCVE AI on April 9, 2026 at 05:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Apr 2026 04:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was determined in PHPGurukul News Portal Project 4.1. This vulnerability affects unknown code of the file /admin/add-subadmins.php. This manipulation of the argument sadminusername causes sql injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized.
Title PHPGurukul News Portal Project add-subadmins.php sql injection
First Time appeared Phpgurukul
Phpgurukul news Portal Project
Weaknesses CWE-74
CWE-89
CPEs cpe:2.3:a:phpgurukul:news_portal_project:*:*:*:*:*:*:*:*
Vendors & Products Phpgurukul
Phpgurukul news Portal Project
References
Metrics cvssV2_0

{'score': 5.8, 'vector': 'AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 4.7, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 4.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Phpgurukul News Portal Project
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-04-09T03:30:14.593Z

Reserved: 2026-04-08T17:32:13.988Z

Link: CVE-2026-5838

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-04-09T05:16:05.580

Modified: 2026-04-09T05:16:05.580

Link: CVE-2026-5838

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-09T08:25:02Z

Weaknesses