PT-2026-2576 · Phpgurukul · Phpgurukul News Portal Project
Published
2026-01-13
·
Updated
2026-01-13
·
CVE-2025-69990
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
phpgurukul News Portal Project version 4.1
Description
The phpgurukul News Portal Project version 4.1 contains a flaw in the
remove file.php script that allows for arbitrary file deletion. The file parameter can be manipulated to delete any file on the system.Recommendations
Apply a fix to the
remove file.php script to prevent unauthorized file deletion through the file parameter.Exploit
Fix
Files Accessible to External Parties
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Phpgurukul News Portal Project