CVE-2025-61096

MEDIUM

PHPGurukul Online Shopping Portal Project <v2.1 - SQL Injection

Title source: llm

PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter.

Core 2

Core References

Exploit, Third Party Advisory

Not Applicable

CVSS v3 6.5

EPSS 0.0004

EPSS Percentile 11.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact total

CWE

CWE-89

Status published

Products (1)

phpgurukul/online_shopping_portal_project 2.1

Published Oct 02, 2025

Tracked Since Feb 18, 2026