CVE-2024-9326

HIGH

PHPGurukul Online Shopping Portal 2.0 - SQL Injection via Admin Panel Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-9326. PoCs published by ghostwirez.

AI-analyzed exploit summary: This PoC script automates SQL injection exploitation for CVE-2024-9326 in PHPGurukul Online Shopping Portal v2.0 by injecting a payload into the login form to bypass authentication. It checks for successful login by detecting the presence of 'change-password.php' in the response.

Description

A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. Manipulation of the argument username leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

nomisec WORKING POC
by ghostwirez · poc
https://github.com/ghostwirez/CVE-2024-9326-PoC

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: PHPGurukul Online Shopping Portal v2.0
No auth needed
Prerequisites: Target URL of the vulnerable admin login page · Network access to the target
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Permissions Required vdb-entry technical-description
https://vuldb.com/?id.278830
Permissions Required signature permissions-required
https://vuldb.com/?ctiid.278830
Third Party Advisory third-party-advisory
https://vuldb.com/?submit.414058
Exploit, Third Party Advisory exploit
https://hackmd.io/@SeaWind/ryBv7CGCR
Product product
https://phpgurukul.com/

Scores

CVSS v3 7.3
EPSS 0.0140
EPSS Percentile 69.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
phpgurukul/online_shopping_portal 2.0
Published Sep 29, 2024
Tracked Since Feb 18, 2026