{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-12616","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-11-02T13:14:51.791Z","datePublished":"2025-11-03T04:02:06.308Z","dateUpdated":"2026-02-24T06:22:30.346Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2026-02-24T06:22:30.346Z"},"title":"PHPGurukul News Portal settings.py insertion of sensitive information into debugging code","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-215","lang":"en","description":"Insertion of Sensitive Information Into Debugging Code"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-200","lang":"en","description":"Information Disclosure"}]}],"affected":[{"vendor":"PHPGurukul","product":"News Portal","versions":[{"version":"1.0","status":"affected"}],"cpes":["cpe:2.3:a:phpgurukul:news_portal:*:*:*:*:*:*:*:*"]}],"descriptions":[{"lang":"en","value":"A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexity is rated as high. The exploitability is regarded as difficult. The exploit is now public and may be used."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":6.3,"vectorString":"CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":3.7,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.7,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":2.6,"vectorString":"AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR"}}],"timeline":[{"time":"2025-11-02T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-11-02T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-11-05T01:37:30.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"Nishant_Kumar (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.330910","name":"VDB-330910 | PHPGurukul News Portal settings.py insertion of sensitive information into debugging code","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.330910","name":"VDB-330910 | CTI Indicators (IOB, IOC, TTP, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.678649","name":"Submit #678649 | PHPGurukul News Portal using Python Django and MySQL 1.0 Insertion of Sensitive Information Into Debugging Code","tags":["third-party-advisory"]},{"url":"https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Information%20Disclosure%20via%20Debug%20Mode.md","tags":["exploit"]},{"url":"https://phpgurukul.com/","tags":["product"]}],"tags":["x_freeware"]},"adp":[{"references":[{"url":"https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Information%20Disclosure%20via%20Debug%20Mode.md","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-11-03T20:34:18.587633Z","id":"CVE-2025-12616","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-11-03T20:34:35.281Z"}}]}}