CVE-2026-1142
Cross-Site Request Forgery in PHPGurukul News Portal

Publication date: 2026-01-19

Last updated on: 2026-04-29

Assigner: VulDB

Description
A security flaw has been discovered in PHPGurukul News Portal 1.0. The impacted element is an unknown function. Performing a manipulation results in cross-site request forgery. The attack may be initiated remotely. The exploit has been released to the public and may be used for attacks.
Meta Information
Published: 2026-01-19
Last Modified: 2026-04-29
Generated: 2026-05-07
AI Q&A: 2026-01-19
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
One associated CPE:

Vendor        Product        Version / Range
phpgurukul    news_portal    1.0
CWE ID     Description
CWE-352    The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor.
CWE-862    The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
AI Powered Q&A
How can this vulnerability impact me?

This vulnerability can lead to unauthorized creation of sub-admin accounts, allowing attackers to gain privileged access to the news portal's administrative functions. This can result in privilege abuse, unauthorized changes, and potentially full compromise of the admin panel's integrity and control over the system. [2, 3]


Can you explain this vulnerability to me?

CVE-2026-1142 is a Cross-Site Request Forgery (CSRF) vulnerability in PHPGurukul News Portal version 1.0. It exists because the admin endpoint responsible for creating sub-admin accounts lacks anti-CSRF protections such as CSRF tokens or origin validation. An attacker can craft a malicious HTML page that, when visited by an authenticated admin user, automatically submits a forged POST request to create sub-admin accounts without the victim's knowledge or consent. This allows unauthorized privileged account creation and compromises the integrity of the admin panel. [2, 3, 4]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for unauthorized POST requests to the admin endpoint `/news/admin/add-subadmins.php` that create sub-admin accounts without proper CSRF tokens or origin validation. Detection can involve inspecting web server logs for suspicious POST requests to this endpoint, especially those lacking valid CSRF tokens or coming from unexpected referers. Additionally, reviewing HTTP requests for forged parameters such as `sadminusername` and `pwd` used in the exploit can help identify attempts. Specific commands might include using tools like `grep` on server logs to find POST requests to the vulnerable endpoint, for example: `grep 'POST /news/admin/add-subadmins.php' /var/log/apache2/access.log` or using web application firewalls (WAF) to detect and block CSRF attack patterns. [2, 3]


What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include implementing anti-CSRF protections such as adding CSRF tokens to all state-changing requests, especially the POST requests to `/news/admin/add-subadmins.php`. Additionally, validate user roles server-side before processing any admin actions to ensure only authorized users can perform these operations. Reject any requests that lack valid CSRF tokens or come from invalid origins. If patching is not immediately possible, restrict access to the vulnerable admin endpoint via network controls or web application firewall rules to block unauthorized requests. Monitoring and alerting on suspicious activity targeting this endpoint is also recommended. [3]
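As an added illustration of the mitigation described above (example code, not PHPGurukul's own), here is a hardened handler for the sub-admin creation action that combines a session-bound synchronizer token, an Origin/Referer check and a server-side role check. The `$_SESSION['role']` key and the `createSubAdmin()` helper are assumptions about the surrounding application.

```php
<?php
// Added example (not PHPGurukul's code): hardened add-subadmins handler.
// Assumptions: PHP sessions, the caller's role in $_SESSION['role'], and an
// application-supplied createSubAdmin($username, $passwordHash) helper.
session_start();

// One synchronizer token per session, embedded in the form as a hidden field.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison of the submitted token with the session copy.
function csrf_token_valid($submitted): bool {
    return is_string($submitted) && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Origin check: a cross-site form post carries the originating site's Origin/Referer.
function origin_allowed(array $server): bool {
    $origin   = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $expected = strtok($server['HTTP_HOST'] ?? '', ':');   // strip any port
    return $origin !== '' && parse_url($origin, PHP_URL_HOST) === $expected;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // CWE-862: authorize server-side; only a full admin may add sub-admins.
    if (($_SESSION['role'] ?? '') !== 'admin') {
        http_response_code(403);
        exit('Forbidden');
    }
    // CWE-352: reject requests without a valid token or from another origin.
    if (!csrf_token_valid($_POST['csrf_token'] ?? null) || !origin_allowed($_SERVER)) {
        http_response_code(403);
        exit('Rejected: missing CSRF token or unexpected origin');
    }
    $user = trim($_POST['sadminusername'] ?? '');
    $pwd  = $_POST['pwd'] ?? '';
    createSubAdmin($user, password_hash($pwd, PASSWORD_DEFAULT)); // assumed helper
}
?>
<form method="post">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token()) ?>">
  <input name="sadminusername" placeholder="Username">
  <input type="password" name="pwd" placeholder="Password">
  <button type="submit">Create sub-admin</button>
</form>
```

A forged page on another origin cannot read the victim's session token to include it in the form, and its Origin/Referer host will not match, so both checks fail independently.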

