Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
PHPGurukul Online Shopping Portal Project 2.1: SQL Injection in sub-category.php
CVE-2026-5552
Summary
The PHPGurukul Online Shopping Portal Project 2.1 has a security weakness in its sub-category.php file. This could allow an attacker to access sensitive information in the database. We recommend updating to the latest version to fix this issue.
Original title
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This ma...
Original description
A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This issue affects some unknown processing of the file /sub-category.php of the component Parameter Handler. This manipulation of the argument pid causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026