Phpgurukul Online Shopping Portal vulnerabilities

CVE-2025-65647 [MEDIUM] CWE-639 CVE-2025-65647: Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Po Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter.

CVE-2024-44659 [CRITICAL] CWE-89 CVE-2024-44659: PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forg PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php.

CVE-2024-44662 [MEDIUM] CWE-89 CVE-2024-44662: PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in t PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page.

CVE-2024-44664 [MEDIUM] CWE-89 CVE-2024-44664: PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php.

CVE-2024-44663 [MEDIUM] CWE-89 CVE-2024-44663: PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in se PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php.

CVE-2024-44660 [MEDIUM] CWE-89 CVE-2024-44660: PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php.

CVE-2024-44661 [MEDIUM] CWE-79 CVE-2024-44661: PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity p PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php.

CVE-2025-52074 [MEDIUM] CWE-79 CVE-2025-52074: PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of inp PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of input sanitization in the quantity parameter when adding a product to the cart.

CVE-2025-57576 [MEDIUM] CWE-79 CVE-2025-57576: PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateor PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php.

CVE-2025-57148 [CRITICAL] CWE-434 CVE-2025-57148: phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-produc phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.

CVE-2025-5367 [MEDIUM] CWE-74 CVE-2025-5367: A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-5078 [MEDIUM] CWE-74 CVE-2025-5078: A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unkn A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/subcategory.php. Performing manipulation of the argument Category results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used.

CVE-2025-5079 [MEDIUM] CWE-74 CVE-2025-5079: A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerabi A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the argument remark can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used.

CVE-2025-1855 [MEDIUM] CWE-74 CVE-2025-1855: A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/summary/review leads to sql injection. The attack can be launched remotely. The exploit has been disc

CVE-2025-1578 [MEDIUM] CWE-74 CVE-2025-1578: A vulnerability, which was classified as critical, was found in PHPGurukul/Campcodes Online Shopping A vulnerability, which was classified as critical, was found in PHPGurukul/Campcodes Online Shopping Portal 2.1. This affects an unknown part of the file /search-result.php. The manipulation of the argument Product leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2024-10756 [MEDIUM] CWE-79 CVE-2024-10756: A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affect A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/html_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely.

CVE-2024-10747 [MEDIUM] CWE-79 CVE-2024-10747: A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This v A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_th.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has b

CVE-2024-10753 [MEDIUM] CWE-79 CVE-2024-10753: A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problema A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely

CVE-2024-10768 [MEDIUM] CWE-74 CVE-2024-10768: A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This v A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has be

CVE-2024-10757 [MEDIUM] CWE-79 CVE-2024-10757: A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping P A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/js_data.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched re