PT-2026-30590 · Phpgurukul · Phpgurukul Online Shopping Portal Project

F1Rstb100D

Published

2026-04-06

Updated

2026-04-06

CVE-2026-5641

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions PHPGurukul Online Shopping Portal Project version 2.1

Description A SQL injection issue exists in PHPGurukul Online Shopping Portal Project 2.1. The issue is located in the /admin/update-image1.php file, within a component identified as the Parameter Handler. Manipulation of the filename argument can lead to SQL injection. The attack can be performed remotely and the exploit has been made public.

Recommendations Update to a newer version that contains a fix for this vulnerability.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-5641

Affected Products

Phpgurukul Online Shopping Portal Project

PT-2026-30590 · Phpgurukul · Phpgurukul Online Shopping Portal Project

CVE-2026-5641

Weakness Enumeration

Related Identifiers

Affected Products

References · 9