PHPGurukul Online Shopping Portal Project Parameter payment-method.php sql injection

Description

A vulnerability was found in PHPGurukul Online Shopping Portal Project 2.1. The impacted element is an unknown function of the file /payment-method.php of the component Parameter Handler. Performing a manipulation of the argument paymethod results in sql injection. It is possible to initiate the attack remotely. The exploit has been made public and could be used.

Affected Products

Vendor	Product	Versions
phpgurukul	online shopping portal project	2.1

References

https://vuldb.com/vuln/355330(vdb-entry, technical-description)
https://vuldb.com/vuln/355330/cti(signature, permissions-required)
https://vuldb.com/submit/782932(third-party-advisory)
https://github.com/f1rstb100d/CVE/issues/12(exploit, issue-tracking)
https://phpgurukul.com/(product)

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-5560 | PHPGurukul Online Shopping Portal Project 2.1 Parameter /payment-method.php paymethod sql injection

→ No new info (linked only)

CVSS 3.16.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

CWECWE-89, CWE-74

PublishedApr 5, 2026

Last enriched5h ago

Trending Score0

Source articles0

Independent0

Info Completeness0/14

Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

PHPGurukul Online Shopping Portal Project Parameter payment-method.php sql injection

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline