CVE-2026-5635 — Injection in Online Shopping Portal Project

CWE-74 — Injection CWE-89 — SQL Injection3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 98.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Online Shopping Portal Project

Timeline

PublishedApr 6

Description

A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. The manipulation of the argument cid results in sql injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5phpgurukul/online_shopping_portal_project2.1

🔴Vulnerability Details

GHSA

GHSA-3f67-8v72-vm9p: A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2↗2026-04-06

▶

CVEList

PHPGurukul Online Shopping Portal Project Parameter categorywise-products.php sql injection↗2026-04-06

▶