Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
PHPGurukul Shopping Portal: SQL Injection in Order Details
CVE-2026-5606
Summary
The PHPGurukul Online Shopping Portal Project version 2.1 has a security weakness in its order details page. This means that an attacker could potentially access or manipulate sensitive customer data. To protect your site, update to the latest version of the software or apply the recommended fix.
Original title
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. ...
Original description
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in sql injection. It is possible to launch the attack remotely.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 6 Apr 2026 · Updated: 6 Apr 2026 · First seen: 6 Apr 2026