phpGurukul News Portal Arbitrary File Deletion Vulnerability

Vulnerability

An arbitrary file deletion vulnerability has been identified in phpGurukul News Portal Project version 4.1, specifically within the remove_file.php script. The vulnerability arises because the 'file' parameter can be manipulated to delete any file on the server. The issue does not require user authentication, so unauthenticated attackers can exploit it.

Impact

Exploitation of this vulnerability allows for the unauthorized deletion of files on the server, which could disrupt or crash the business system.

Reproduction

To reproduce this vulnerability, send a POST request to '/plugins/jquery.filer/php/remove_file.php' with the 'file' parameter set to a file path that points to a file within the server's directory structure, such as a text file created in the root directory.
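
One way to close the hole described above is a deletion handler that requires a logged-in session and confines the 'file' parameter to a single upload directory. This is an added example, not the project's own code; the UPLOAD_DIR location, the 'login' session key and the resolve_upload_path() helper are assumptions made for illustration.

```php
<?php
// Added example: hardened replacement for an unauthenticated delete endpoint.
declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/../uploads'; // assumed upload location

/**
 * Map a client-supplied name to an existing file directly inside $baseDir.
 * Returns the resolved absolute path, or null if the request must be refused.
 */
function resolve_upload_path(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || strpos($requested, "\0") !== false) {
        return null;
    }
    // Accept a bare file name only: strip any directory part the client sent.
    $name = basename(str_replace('\\', '/', $requested));
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // realpath() resolves symlinks and returns false for missing files.
    $target = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($target === false || !is_file($target)) {
        return null;
    }
    // After resolution the file must still sit in the upload directory.
    return dirname($target) === $base ? $target : null;
}

session_start();
// 'login' is an assumed session key set by the application's sign-in page.
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || empty($_SESSION['login'])) {
    http_response_code(403);
    exit;
}

$requested = $_POST['file'] ?? '';
$target = is_string($requested) ? resolve_upload_path(UPLOAD_DIR, $requested) : null;
if ($target === null) {
    http_response_code(400);
    exit;
}
unlink($target);
```

Requests whose 'file' value resolves outside the upload directory, names a directory, or arrives without a session are refused before unlink() is reached.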

Added: Jan 13, 2026, 5:19 PM
Updated: Jan 13, 2026, 5:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 8.7
remediation: 0.0
relevance: 2.0
threat: 6.4
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.