PHPGurukul PHPGurukul Online Shopping Portal Project Parameter pending-orders.php sql injection

Description

A flaw has been found in PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1. Impacted is an unknown function of the file /pending-orders.php of the component Parameter Handler. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely. The exploit has been published and may be used.

Affected Products

Vendor	Product	Versions
phpgurukul	phpgurukul online shopping portal project	2.0, 2.1

References

https://vuldb.com/vuln/355328(vdb-entry, technical-description)
https://vuldb.com/vuln/355328/cti(signature, permissions-required)
https://vuldb.com/submit/782877(third-party-advisory)
https://github.com/f1rstb100d/CVE/issues/11(exploit, issue-tracking)
https://phpgurukul.com/(product)

Related News (1 articles)

Tier C

VulDB1d ago

CVE-2026-5558 | PHPGurukul PHPGurukul Online Shopping Portal Project up to 2.1 Parameter /pending-orders.php ID sql injection

→ No new info (linked only)

CVSS 3.16.3 MEDIUM

VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA KEV❌ No

Actively exploited❌ No

CWECWE-89, CWE-74

PublishedApr 5, 2026

Last enriched6h ago

Trending Score0

Source articles0

Independent0

Info Completeness0/14

Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

PHPGurukul PHPGurukul Online Shopping Portal Project Parameter pending-orders.php sql injection

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (5)

Pin to Dashboard

Verification

Vulnerability Timeline