PT-2026-30581 · Phpgurukul · Phpgurukul Online Shopping Portal Project
F1Rstb100D · Published 2026-04-06 · Updated 2026-04-06 · CVE-2026-5636
CVSS v2.0 · 6.5 Medium · AV:N/AC:L/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PHPGurukul Online Shopping Portal Project version 2.1
Description
A weakness exists in PHPGurukul Online Shopping Portal Project 2.1 related to SQL injection. The issue is located in the /cancelorder.php file within the Parameter Handler component. Manipulation of the oid argument can lead to SQL injection, potentially allowing remote attackers to exploit the system. The exploit has been publicly released.
Recommendations
Update to a newer version of PHPGurukul Online Shopping Portal Project that addresses this issue. As a temporary workaround, restrict access to the /cancelorder.php file.
Exploit
Fix
SQL injection
Special Elements Injection
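While the workaround above is being rolled out, access logs can be reviewed for requests to /cancelorder.php whose oid value is not a plain number. The following is an added example, not code from the advisory or from PHPGurukul; it assumes oid is a numeric order id carried in the query string and that the server writes common/combined-format access logs, and the /shopping/ prefix and log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions (not stated in the advisory): oid is a numeric order id sent in
# the query string, and the web server writes common/combined-format access logs.
TARGET_PATH = "/cancelorder.php"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
NUMERIC_OID = re.compile(r"[0-9]{1,18}")


def suspicious_oid_requests(log_lines):
    """Return (client_ip, timestamp, decoded_oid) for every request to
    TARGET_PATH whose oid value is anything other than plain digits."""
    hits = []
    for line in log_lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parseable access-log line
        client_ip, timestamp, _method, target, _status = match.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(TARGET_PATH):
            continue
        # parse_qs percent-decodes values; keep_blank_values keeps "oid=" visible.
        for value in parse_qs(url.query, keep_blank_values=True).get("oid", []):
            if not NUMERIC_OID.fullmatch(value):
                hits.append((client_ip, timestamp, value))
    return hits


# Constructed sample lines (documentation IP ranges, hypothetical /shopping/ prefix).
SAMPLE_LOG = [
    '203.0.113.7 - - [06/Apr/2026:10:01:12 +0000] "GET /shopping/cancelorder.php?oid=15 HTTP/1.1" 200 512',
    '203.0.113.9 - - [06/Apr/2026:10:02:40 +0000] "GET /shopping/cancelorder.php?oid=15%27 HTTP/1.1" 200 498',
    '198.51.100.4 - - [06/Apr/2026:10:03:05 +0000] "GET /shopping/index.php?oid=x HTTP/1.1" 200 900',
    '198.51.100.4 - - [06/Apr/2026:10:03:09 +0000] "GET /shopping/cancelorder.php?oid= HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for hit in suspicious_oid_requests(SAMPLE_LOG):
        print(hit)
```

If the application sends oid in a POST body instead, the value will not appear in standard access logs and the same check has to run on request-body or WAF logs.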
Related Identifiers
Affected Products
Phpgurukul Online Shopping Portal Project