SQL Injection Vulnerability in PHPGurukul Online Shopping Portal
CVE-2024-44660

6.5MEDIUM

Key Information:

Vendor: PHPGurukul
Status: Online Shopping Portal
Vendor: CVE Published:; 17 November 2025

What is CVE-2024-44660?

The PHPGurukul Online Shopping Portal 2.0 is susceptible to a SQL injection flaw that can be exploited through the fullname, emailid, and contactno parameters in the login.php file. This vulnerability allows attackers to manipulate SQL queries, potentially compromising sensitive user data and the overall integrity of the application. Prompt action is recommended to mitigate the security risks associated with this issue.

References

https://phpgurukul.com/shopping-portal-free-download/

https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44...

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 17, 2025
Vulnerability Reserved
Aug 21, 2024

JSON