CVE-2026-5635

MEDIUM

PHPGurukul Online Shopping Portal Project Parameter categorywise-products.php sql injection

Title source: cna

Description

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

References (5)

Scores

CVSS v3 6.3
EPSS 0.0001
EPSS Percentile 1.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Details

CWE
CWE-74 CWE-89
Status published
Products (1)
PHPGurukul/Online Shopping Portal Project 2.1
Published Apr 06, 2026
Tracked Since Apr 06, 2026