CVE-2026-5840

MEDIUM

PHPGurukul News Portal Project check_availability.php sql injection

Title source: cna

Description

A security flaw has been discovered in PHPGurukul News Portal Project 4.1. Impacted is an unknown function of the file /admin/check_availability.php. Performing a manipulation of the argument Username results in sql injection. Remote exploitation of the attack is possible. The exploit has been released to the public and may be used for attacks.

References (5)

Scores

CVSS v3 4.7
EPSS 0.0004
EPSS Percentile 10.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
PHPGurukul/News Portal Project 4.1
Published Apr 09, 2026
Tracked Since Apr 09, 2026