CVE-2025-12615
BaseFortify
Publication date: 2025-11-03
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpgurukul | news_portal | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-320 | Key Management Errors |
| CWE-321 | The product uses a hard-coded, unchangeable cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in PHPGurukul News Portal 1.0, in an unknown function within the file /onps/settings.py. Manipulation of the argument SECRET_KEY leads to the use of a hard-coded cryptographic key. The key is fixed rather than dynamically generated or securely managed, which potentially allows attackers to exploit this weakness remotely. The attack is considered difficult to perform and requires a high level of complexity.
How can this vulnerability impact me?
An attacker could potentially exploit the hard-coded cryptographic key to compromise the security of the application. This could lead to unauthorized access, data exposure, or other security breaches. However, exploitation is difficult and requires a high level of complexity, which may limit the likelihood of successful attacks.
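An added example, not code from the affected project or from this advisory: a static check that flags a literal `SECRET_KEY` assignment in a Python settings file such as the `settings.py` named above, including the case where an environment lookup carries a literal fallback. The sample sources, the key values and the variable name `APP_SECRET_KEY` are constructed for illustration.

```python
import ast

# Constructed sample: key committed as a literal (placeholder value, not a real key).
HARDCODED = 'DEBUG = False\nSECRET_KEY = "constructed-placeholder-not-a-real-key"\n'
# Constructed corrected form; APP_SECRET_KEY is a hypothetical variable name.
FROM_ENV = 'import os\nSECRET_KEY = os.environ["APP_SECRET_KEY"]\n'
# Constructed edge case: the literal fallback is still a hard-coded key.
FALLBACK = 'import os\nSECRET_KEY = os.environ.get("APP_SECRET_KEY", "dev-only")\n'

def _is_literal(node):
    """True if the expression is built only from str/bytes constants."""
    if isinstance(node, ast.Constant):
        return isinstance(node.value, (str, bytes))
    if isinstance(node, ast.BinOp):      # "abc" + "def"
        return _is_literal(node.left) and _is_literal(node.right)
    if isinstance(node, ast.JoinedStr):  # f-string without substitutions
        return all(_is_literal(v) for v in node.values)
    return False

def _literal_fallback(node):
    """True for get(...)/getenv(...) calls whose default argument is a literal."""
    if not isinstance(node, ast.Call):
        return False
    func = node.func
    fname = func.attr if isinstance(func, ast.Attribute) else getattr(func, "id", "")
    if fname not in ("get", "getenv"):
        return False
    defaults = node.args[1:2] + [k.value for k in node.keywords if k.arg == "default"]
    return any(_is_literal(d) for d in defaults)

def find_hardcoded_keys(source, name="SECRET_KEY"):
    """Return sorted line numbers where `name` receives a literal value."""
    hits = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Assign):
            targets, value = node.targets, node.value
        elif isinstance(node, ast.AnnAssign) and node.value is not None:
            targets, value = [node.target], node.value
        else:
            continue
        named = any(isinstance(t, ast.Name) and t.id == name for t in targets)
        if named and (_is_literal(value) or _literal_fallback(value)):
            hits.append(node.lineno)
    return sorted(hits)

if __name__ == "__main__":
    for label, src in (("hardcoded", HARDCODED), ("env", FROM_ENV), ("fallback", FALLBACK)):
        print(label, find_hardcoded_keys(src))
```

A key that has ever been committed as a literal should be rotated as well as moved out of the file, since it remains in version-control history.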