CVE-2026-5552 · CVSS 6.3
phpgurukul · online shopping portal project

PHPGurukul Online Shopping Portal Project Parameter sub-category.php SQL injection

Description

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. It affects unspecified processing in the file /sub-category.php of the component Parameter Handler. Manipulating the argument pid leads to SQL injection. The attack can be carried out remotely. The exploit has been made available to the public and could be used for attacks.

Affected Products

Vendor | Product | Versions
phpgurukul | online shopping portal project | 2.1

References

  • https://vuldb.com/vuln/355316 (vdb-entry, technical-description)
  • https://vuldb.com/vuln/355316/cti (signature, permissions-required)
  • https://vuldb.com/submit/782864 (third-party-advisory)
  • https://github.com/f1rstb100d/CVE/issues/10 (exploit, issue-tracking)
  • https://phpgurukul.com/ (product)

Related News (2 articles)

  • Tier C · VulDB · 21h ago
    VDB-355351 | PHPGurukul Online Shopping Portal Project 2.1 Parameter /order-details.php orderid sql injection
    → No new info (linked only)
  • Tier C · VulDB · 1d ago
    CVE-2026-5552 | PHPGurukul Online Shopping Portal Project 2.1 Parameter /sub-category.php pid sql injection
    → No new info (linked only)

CVSS 3.1: 6.3 MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CISA KEV: No
Actively exploited: No
CWE: CWE-89, CWE-74
Published: Apr 5, 2026
Last enriched: 5h ago
Tags: sql injection, remote exploitation
Trending Score: 0
Source articles: 1
Independent: 1
Info Completeness: 0/14
Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Related CVEs (5)

  • MEDIUM · CVE-2026-5558
    PHPGurukul Online Shopping Portal Project Parameter pending-orders.php sql injection
  • MEDIUM · CVE-2026-5560
    PHPGurukul Online Shopping Portal Project Parameter payment-method.php sql injection
  • MEDIUM · CVE-2026-5543
    PHPGurukul User Registration & Login and User Management System yesterday-reg-users.php sql injection
  • HIGH · CVE-2025-63611
    Cross-Site Scripting in phpgurukul Hostel Management System v2.1 user-provided complaint fields (Explain the Complaint) submitted via /register-complaint.php are stored and rendered unescaped in the a
  • MEDIUM · CVE-2025-67315
    Cross Site Request Forgery vulnerability in Employee Leave Management System v.2.1 allows a remote attacker to escalate privileges via the manage-employee.php component

Verification

State: unverified
Confidence: 0%

Vulnerability Timeline

CVE Published: Apr 5, 2026
Discovered by ZDM: Apr 5, 2026