What is CVE-2026-1424?

CVE-2026-1424 is a medium-severity vulnerability in Phpgurukul News Portal, classified under Improper Access Control. CVSS score: 4.7/10. Published 2026-01-26.

How severe is CVE-2026-1424?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Arbitrary file upload in Phpgurukul News Portal

CVE-2026-1424

A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is…

EPSS: 0.000 (7.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L.

Affected products

Phpgurukul News Portal — versions 1.0
Phpgurukul News_portal — versions 1.0

Weakness classification (CWE)

References

VDB-342840 | PHPGurukul News Portal Profile Pic unrestricted upload (technical-description, Third Party Advisory, VDB Entry, vdb-entry)
VDB-342840 | CTI Indicators (IOB, IOC, TTP) (signature, Permissions Required, permissions-required, VDB Entry)
Submit #736637 | PHPGurukul News Portal v1.0 Cross Site Scripting (Third Party Advisory, VDB Entry, third-party-advisory)
cna@vuldb.com (Exploit, Third Party Advisory, exploit, Mitigation)
cna@vuldb.com (Product, product)

Frequently asked questions

What is CVE-2026-1424?: CVE-2026-1424 is a medium-severity vulnerability in Phpgurukul News Portal, classified under Improper Access Control. CVSS score: 4.7/10. Published 2026-01-26.
How severe is CVE-2026-1424?: Medium severity. CVSS v3 base score is 4.7 out of 10.