CVE-2026-5839

MEDIUM

PHPGurukul News Portal Project add-subcategory.php sql injection

Title source: cna

Description

A vulnerability was identified in PHPGurukul News Portal Project 4.1. This issue affects some unknown processing of the file /admin/add-subcategory.php. Such manipulation of the argument sucatdescription leads to sql injection. The attack may be launched remotely. The exploit is publicly available and might be used.

References (5)

Scores

CVSS v3 4.7
EPSS 0.0004
EPSS Percentile 10.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
PHPGurukul/News Portal Project 4.1
Published Apr 09, 2026
Tracked Since Apr 09, 2026