Platform: php
Component: csrf-add-subadmin-in-news-portal-project-in-php-and-mysql-in-phpgurukul
Fixed in: 1.0.1
A cross-site request forgery (CSRF) vulnerability has been identified in PHPGurukul News Portal version 1.0. This flaw allows attackers to trick authenticated users into performing actions they did not intend, potentially leading to unauthorized modifications or data breaches. A public exploit is available, increasing the risk of immediate exploitation. A fix is pending release from the vendor.
The CSRF vulnerability in PHPGurukul News Portal allows an attacker to craft malicious requests that appear to originate from a legitimate user. If a user is logged into the portal and visits a crafted link or website, the attacker can execute actions on their behalf, such as creating or modifying content, changing user settings, or performing administrative tasks. The potential impact ranges from defacement of the news portal to unauthorized access to sensitive user data, depending on the permissions of the affected user. The availability of a public exploit significantly elevates the risk, as attackers can readily leverage it to target vulnerable installations.
A public proof-of-concept (PoC) for CVE-2026-1142 is available, indicating a high probability of exploitation. The vulnerability was disclosed on 2026-01-19. It is not currently listed on the CISA KEV catalog, but its public nature warrants close monitoring. Attackers are likely to rapidly adapt and deploy the PoC in automated attacks.
Exploit Status
EPSS: 0.06% (17th percentile)
Due to the lack of a patch, immediate mitigation strategies are crucial. Implement strict input validation and output encoding to prevent malicious data from being processed. Consider using a Content Security Policy (CSP) to restrict the sources from which the portal can load resources, reducing the attack surface. Implement double opt-in for sensitive actions, requiring users to confirm their intent before changes are made. Monitor access logs for suspicious activity and unusual request patterns. While a direct fix is unavailable, these workarounds can significantly reduce the risk of exploitation until a patch is released.
Update to a patched version or apply the security measures recommended by the vendor to mitigate the Cross-Site Request Forgery (CSRF) vulnerability. Consult the vendor's website for more information.
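The mitigations above ask that a sensitive action prove the user's intent. As an added example (not code from PHPGurukul or from this advisory), the sketch below goes one step further than the listed workarounds and shows the usual server-side check for that: a per-session synchronizer token combined with an Origin header check on any state-changing POST. The hostname `news.example.test`, the field name `csrf_token` and both function names are assumptions made for illustration.

```php
<?php
// Added example (not PHPGurukul code): guard for a state-changing admin form.
declare(strict_types=1);

const EXPECTED_HOST = 'news.example.test'; // assumption: the portal's own hostname

// Create the per-session token once; every admin form embeds it in a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Accept a request only if it carries the session's token and, when the
// browser sent an Origin header, that origin is the portal itself.
function csrf_request_is_valid(array $server, array $post, array $session): bool
{
    $origin = $server['HTTP_ORIGIN'] ?? '';
    if ($origin !== '') {
        $host = parse_url($origin, PHP_URL_HOST);
        if (!is_string($host) || strcasecmp($host, EXPECTED_HOST) !== 0) {
            return false; // cross-site or opaque ("null") origin
        }
    }
    $sent  = $post['csrf_token'] ?? '';
    $known = $session['csrf_token'] ?? '';
    // hash_equals() compares in constant time; an empty session token never matches.
    return is_string($sent) && is_string($known) && $known !== ''
        && hash_equals($known, $sent);
}

session_start();
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    if (!csrf_request_is_valid($_SERVER, $_POST, $_SESSION)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token.');
    }
    // The existing state-changing logic (for example, creating a sub-admin) runs here.
}
?>
<form method="post">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES) ?>">
  <button type="submit">Save</button>
</form>
```

A request forged from another site cannot read the session's token, so it fails the `hash_equals()` comparison even though the browser attaches the victim's session cookie.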
CVE-2026-1142 is a cross-site request forgery (CSRF) vulnerability affecting PHPGurukul News Portal version 1.0, allowing attackers to perform actions as authenticated users.
If you are running PHPGurukul News Portal version 1.0, you are potentially affected by this vulnerability. Immediate mitigation steps are recommended.
A patch is currently unavailable. Implement mitigation strategies such as input validation, CSP, and double opt-in for sensitive actions until a fix is released.
A public exploit exists, indicating a high probability of active exploitation. Monitor your systems closely.
Check the PHPGurukul website and security mailing lists for updates and advisories regarding CVE-2026-1142.