A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRET_KEY leads to use of hard-coded cryptographic key . The attack may be performed from remote. The attack requires a high level of complexity. The exploitability is described as difficult. The exploit has been disclosed publicly and may be used.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| News_portal | Phpgurukul | 1.0 (including) | 1.0 (including) |
References
- https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Hard-coded%20Cryptographic%20Key.md
- https://phpgurukul.com/
- https://vuldb.com/?ctiid.330909
- https://vuldb.com/?id.330909
- https://vuldb.com/?submit.678625
- https://github.com/NishantKumar-CSE/News-Portal-Python-Django-Project/blob/main/Hard-coded%20Cryptographic%20Key.md