MEDIUM🇵🇱 Wersja polska

CVE-2025-4874

CVSS 6.9v4.0pub. 2025-05-18upd. 2025-05-21

A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/contactus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  • Phpgurukul News Portal

    APP
    Phpgurukul
    4.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-69992CRITICAL9.8PL ✓ten sam produkt

Nieautoryzowany upload pliku dowolnego formatu w Phpgurukul News Portal

CVE-2025-69991CRITICAL9.8PL ✓ten sam produkt

SQL Injection w Phpgurukul News Portal V4.1 (check_availablity.php)

CVE-2025-69990CRITICAL9.1PL ✓ten sam produkt

Arbitrary File Deletion w Phpgurukul News Portal V4.1 (remove_file.php)

CVE-2025-4880MEDIUM6.9ten sam produkt

A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vuln...

CVE-2025-4873MEDIUM6.9ten sam produkt

A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vuln...