Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
PHPGurukul Online Shopping Portal: SQL Injection in Payment Processing
CVE-2026-5560
Summary
An attacker can inject malicious SQL code into the payment processing system of PHPGurukul Online Shopping Portal, potentially allowing them to access sensitive data or take control of the system. This vulnerability can be exploited remotely by an attacker and has already been made public, so it's essential to update the software as soon as possible to prevent unauthorized access.
Original title
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performin...
Original description
A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026