SQL Injection Vulnerability in PHPGurukul Online Shopping Portal 2.0
CVE-2024-44663

6.5MEDIUM

Key Information:

Vendor

PHPGurukul
Status
Online Shopping Portal
Vendor
CVE Published:
17 November 2025

What is CVE-2024-44663?

The PHPGurukul Online Shopping Portal 2.0 has a vulnerability that allows an attacker to exploit SQL injection through the product parameter in search-result.php. This flaw can enable unauthorized access to sensitive data within the database, potentially allowing attackers to manipulate or retrieve information stored in the system. It is crucial for users of this portal to apply security patches and follow best practices to mitigate the risks posed by this vulnerability.

References

https://phpgurukul.com/shopping-portal-free-download/
https://github.com/leexsoyoung/CVEs/blob/main/CVE-2024-44...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2024-44663 : SQL Injection Vulnerability in PHPGurukul Online Shopping Portal 2.0