Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
5.3
PHPGurukul Online Shopping Portal vulnerable to SQL injection
CVE-2026-5558
Summary
The PHPGurukul Online Shopping Portal's pending-orders feature has a security flaw that can allow an attacker to manipulate data using SQL injection. This means an attacker could potentially access sensitive information or disrupt the system. Updates to the portal are recommended to fix this issue.
Original title
A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This man...
Original description
A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.
nvd CVSS2.0
6.5
nvd CVSS3.1
6.3
nvd CVSS4.0
5.3
Vulnerability type
CWE-74
Injection
CWE-89
SQL Injection
Published: 5 Apr 2026 · Updated: 5 Apr 2026 · First seen: 5 Apr 2026