CVE-2025-26156

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal version 2.1

Description A SQL Injection issue was found in the /shopping/track-orders.php file, allowing remote attackers to execute arbitrary code via the orderid POST request parameter.

Recommendations For PHPGurukul Online Shopping Portal version 2.1, consider disabling the /shopping/track-orders.php file or restricting access to it until a patch is available. Avoid using the orderid parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.