CVE-2026-5636 — Injection in Online Shopping Portal Project

CWE-74 — Injection CWE-89 — SQL Injection3 documents3 sources

Severity

5.3MEDIUMNVD

EPSS

0.0%

top 98.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul Online Shopping Portal Project

Timeline

PublishedApr 6

Description

A weakness has been identified in PHPGurukul Online Shopping Portal Project 2.1. This affects an unknown part of the file /cancelorder.php of the component Parameter Handler. This manipulation of the argument oid causes sql injection. The attack may be initiated remotely. The exploit has been made available to the public and could be used for attacks.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages1 packages

▶CVEListV5phpgurukul/online_shopping_portal_project2.1

🔴Vulnerability Details

GHSA

GHSA-h6g8-c22x-m2px: A weakness has been identified in PHPGurukul Online Shopping Portal Project 2↗2026-04-06

▶

CVEList

PHPGurukul Online Shopping Portal Project Parameter cancelorder.php sql injection↗2026-04-06

▶