CVE-2024-44660

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal version 2.0

Description The PHPGurukul Online Shopping Portal version 2.0 is susceptible to SQL Injection. This issue affects the login.php file and specifically involves the fullname, emailid, and contactno parameters. Exploitation occurs through these parameters, potentially allowing an attacker to manipulate database queries.

Recommendations Update to a newer version that contains a fix for this vulnerability. As a temporary workaround, sanitize the fullname, emailid, and contactno parameters in the login.php file to prevent SQL Injection attacks.