NEXTGUARD
UNKNOWNCVE-2026-5639

PHPGurukul Online Shopping Portal Project Parameter update-image3.php sql injection

Platform

php

Component

phpgurukul-online-shopping-portal-project

View on NVD

A flaw has been found in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be used.

How to fix

Actualice el proyecto PHPGurukul Online Shopping Portal Project a una versión corregida.  Verifique y sanee las entradas del usuario, especialmente el parámetro 'filename', para prevenir la inyección SQL.  Implemente validación y escape adecuados de los datos antes de utilizarlos en consultas SQL.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free