CRITICAL🇵🇱 Wersja polska

CVE-2025-69991

CVSS 9.8v3.1pub. 2026-01-13upd. 2026-01-16

phpgurukul News Portal Project V4.1 is vulnerable to SQL Injection in check_availablity.php.

🤖 AI Analysis
How it works

The vulnerability results from insufficient validation and sanitization of input data passed to SQL queries in the check_availablity.php file (CWE-89). An attacker can inject arbitrary SQL code over the network without needing to have an account or user interaction. A network attack vector with low complexity (AC:L, PR:N, UI:N) means that the exploit is trivial to perform by anyone with access to the application.

Impact

An attacker can gain full access to the database (read, modify, delete data), which includes potential theft of user data, passwords and portal content, as well as the ability to take control of the application or database server.

Mitigation & patch

Apply patches available from the manufacturer according to references. Until the fix is deployed, it is recommended to restrict access to the application and implement WAF (web application firewall) rules blocking SQL Injection attempts.

Who is affected

Phpgurukul News Portal Project version V4.1

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Phpgurukul News Portal

    APP
    Phpgurukul
    4.1
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLi
CWE
References

Related vulnerabilities

CVE-2025-69992CRITICAL9.8PL ✓ten sam produkt

Nieautoryzowany upload pliku dowolnego formatu w Phpgurukul News Portal

CVE-2025-69990CRITICAL9.1PL ✓ten sam produkt

Arbitrary File Deletion w Phpgurukul News Portal V4.1 (remove_file.php)

CVE-2025-4874MEDIUM6.9ten sam produkt

A vulnerability was found in PHPGurukul News Portal Project 4.1 and classified as critical. Affected by this i...

CVE-2025-4873MEDIUM6.9ten sam produkt

A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vuln...

CVE-2025-4880MEDIUM6.9ten sam produkt

A vulnerability has been found in PHPGurukul News Portal 4.1 and classified as critical. Affected by this vuln...