CVE-2025-69992

Published: Jan 13, 2026Modified: Jan 16, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

phpgurukul News Portal Project V4.1 has File Upload Vulnerability via upload.php, which enables the upload of files of any format to the server without identity authentication.

Affected (1)

Products: Phpgurukul: News Portal

Phpgurukul

1 product

News Portal

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpgurukul News Portal	Version 4.1

Related CWEs

CWE-125

Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

References (1)

https://github.com/Y4y17/CVE/blob/main/News%20Portal%20Project/File%20upload%20vulnerability.md

Source: cve@mitre.org

ExploitThird Party Advisory

Timeline

No history available yet.