SQL Injection Vulnerability in PHPGurukul Online Shopping Portal 2.1
CVE-2026-5606

5.3 MEDIUM

Key Information:

Vendor: PHPGurukul

CVE Published: 6 April 2026

What is CVE-2026-5606?

A security flaw exists in PHPGurukul Online Shopping Portal version 2.1, in the parameter handling of the /order-details.php file. An attacker can manipulate the 'orderid' argument to perform SQL injection, and the attack can be launched remotely. Exploitation poses significant risks to the integrity and security of the database and may allow unauthorized access to sensitive data.

Affected Version(s)

Online Shopping Portal Project 2.1

CVSS V4

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
