Zero Day MonitorZDM

← Back to list

6.3

CVE-2026-5635

phpgurukul · online shopping portal project

PHPGurukul Online Shopping Portal Project Parameter categorywise-products.php sql injection

Description

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

Affected Products

Vendor	Product	Versions
phpgurukul	online shopping portal project	2.1

References

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-5635 | PHPGurukul Online Shopping Portal Project 2.1 Parameter categorywise-products.php cid sql injection

→ No new info (linked only)

CVSS 3.16.3 NONE

CISA KEV❌ No

Actively exploited❌ No

CWECWE-89, CWE-74

PublishedApr 6, 2026

Last enriched1d ago

Trending Score25

Source articles1

Independent1

Info Completeness0/14

Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

NONECVE-2026-5641

PHPGurukul Online Shopping Portal Project Parameter update-image1.php sql injection

NONECVE-2026-5636

PHPGurukul Online Shopping Portal Project Parameter cancelorder.php sql injection

NONECVE-2026-5639

PHPGurukul Online Shopping Portal Project Parameter update-image3.php sql injection

NONECVE-2026-5640

PHPGurukul Online Shopping Portal Project Parameter update-image2.php sql injection

NONECVE-2026-5583

PHPGurukul Online Shopping Portal Project Parameter my-profile.php sql injection

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 6, 2026

Discovered by ZDM

Apr 6, 2026