A vulnerability was identified in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /admin/add-subadmins.php of the component Add Sub-Admin Page. Such manipulation leads to improper authorization. The attack can be launched remotely. The exploit is publicly available and might be used.
References
| Link | Resource |
|---|---|
| https://github.com/Asim-QAZi/BrokenAccessControl-News-Portal-Project-in-PHP-and-MySQL-in-PHPGurukul | Exploit Mitigation Third Party Advisory |
| https://phpgurukul.com/ | Product |
| https://vuldb.com/?ctiid.341733 | Permissions Required VDB Entry |
| https://vuldb.com/?id.341733 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.735483 | Third Party Advisory VDB Entry |
Configurations
History
27 Jan 2026, 19:51
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Phpgurukul news Portal
Phpgurukul |
|
| References | () https://github.com/Asim-QAZi/BrokenAccessControl-News-Portal-Project-in-PHP-and-MySQL-in-PHPGurukul - Exploit, Mitigation, Third Party Advisory | |
| References | () https://phpgurukul.com/ - Product | |
| References | () https://vuldb.com/?ctiid.341733 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.341733 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.735483 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:a:phpgurukul:news_portal:1.0:*:*:*:*:*:*:* |
19 Jan 2026, 07:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-19 07:16
Updated : 2026-01-27 19:51
NVD link : CVE-2026-1141
Mitre link : CVE-2026-1141
CVE.ORG link : CVE-2026-1141
JSON object : View
Products Affected
phpgurukul
- news_portal