CVE-2026-1141

MEDIUM

Phpgurukul News Portal - Improper Authorization

Title source: rule

Description

A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly available and might be used.

References (6)

[Permissions Required, VDB Entry] https://vuldb.com/?submit.736668

[Exploit, Mitigation, Third Party Advisory] https://github.com/Asim-QAZi/BrokenAccessControl-News-Portal-Project-in-PHP-and-MySQL-in-PHPGurukul

View Exploit ZIP pw:eip

[Product] https://phpgurukul.com/

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.341733

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.341733

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.735483

Scores

CVSS v3 6.3

EPSS 0.0007

EPSS Percentile 21.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Classification

CWE

CWE-266 CWE-285

Status published

Affected Products (1)

phpgurukul/news_portal

Timeline

Published Jan 19, 2026

Tracked Since Feb 18, 2026