Platform: php
Component: phpgurukul-online-shopping-portal-project
Fixed in: 2.1.1
CVE-2026-5635 represents a SQL Injection vulnerability identified within the PHPGurukul Online Shopping Portal Project, specifically impacting version 2.1. This flaw allows attackers to inject malicious SQL code through the manipulation of the 'cid' parameter within the /categorywise-products.php file, potentially enabling unauthorized data access or modification. The vulnerability is remotely exploitable and an exploit is publicly available, increasing the risk of active attacks.
A SQL injection vulnerability has been discovered in the PHPGurukul Online Shopping Portal Project 2.1. The vulnerability resides within the /categorywise-products.php file, specifically within the Parameter Handler component, due to improper handling of the cid argument. This allows a remote attacker to execute arbitrary SQL queries, potentially leading to data breaches, modification, or deletion. Sensitive information such as user data, product details, and order history could be compromised. The vulnerability is rated as 6.3 on the CVSS scale. Successful exploitation could severely compromise the integrity and confidentiality of the system, damaging customer trust and business reputation.
The vulnerability has been publicly disclosed, meaning attackers are already aware of how to exploit it. This significantly increases the risk of targeted attacks against systems running the vulnerable version of the Online Shopping Portal Project. The remote nature of the vulnerability means attackers can exploit it from anywhere with internet access. Immediate action is strongly advised to mitigate the risk, as active exploitation is likely. The lack of an official patch exacerbates the situation, making manual mitigation even more critical.
EPSS: 0.01% (1% percentile)
Currently, no official fix has been released by PHPGurukul for this vulnerability. The immediate and most effective mitigation is to temporarily disable the affected functionality within /categorywise-products.php until an update is available. Thorough code auditing is strongly recommended to identify and address any other potential SQL injection vulnerabilities. Robust input validation and sanitization of all user inputs, especially those used in SQL queries, is crucial. Consider using prepared statements or stored procedures to prevent SQL injection. Actively monitor server logs for suspicious activity.
Update the PHPGurukul Online Shopping Portal Project to a fixed version. Validate and sanitize all user input, especially the 'cid' parameter, to prevent SQL injection. Implement parameterized queries or stored procedures to interact with the database securely.
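The log monitoring recommended above can be made concrete. The following is an added example, not code from PHPGurukul or from this advisory: it scans access-log lines for requests to /categorywise-products.php whose cid is missing, repeated, or not a plain integer. It assumes combined-format access logs, that cid arrives in the query string, and that valid category ids are short decimal integers; the function name and the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

TARGET_PATH = "/categorywise-products.php"
# Apache/nginx "combined" format: client, timestamp, request line, status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumption: a legitimate cid is a short decimal category id
VALID_CID = re.compile(r"[0-9]{1,9}")


def suspicious_cid_requests(lines):
    """Return (client, timestamp, status, reason) for each request to
    TARGET_PATH whose cid is missing, repeated, or not a plain integer."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        client, ts, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path != TARGET_PATH:
            continue
        # parse_qs percent-decodes, so encoded quotes and spaces are seen
        values = parse_qs(url.query, keep_blank_values=True).get("cid", [])
        if len(values) != 1:
            reason = "cid missing" if not values else "cid repeated"
        elif not VALID_CID.fullmatch(values[0]):
            reason = "non-numeric cid: %r" % values[0]
        else:
            continue  # exactly one integer cid: expected traffic
        findings.append((client, ts, int(status), reason))
    return findings


# Constructed sample lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2026:10:00:00 +0000] "GET /categorywise-products.php?cid=4 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Jan/2026:10:00:05 +0000] "GET /categorywise-products.php?cid=4%27 HTTP/1.1" 200 312 "-" "curl/8.0"',
    '198.51.100.7 - - [01/Jan/2026:10:00:09 +0000] "GET /categorywise-products.php?cid=4&cid=5 HTTP/1.1" 200 5120 "-" "curl/8.0"',
    '203.0.113.5 - - [01/Jan/2026:10:01:00 +0000] "GET /index.php?cid=x HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in suspicious_cid_requests(SAMPLE_LOG):
        print(finding)
```

Findings from this check are leads for review rather than proof of compromise; requests that send cid in a POST body do not appear in a standard access log and need application-level logging instead.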
SQL injection is a security vulnerability that allows attackers to insert malicious SQL code into SQL queries, potentially granting them unauthorized access to data or modifying the database.
Conduct a security audit of your website, paying particular attention to the /categorywise-products.php file and how input parameters are handled. Utilize vulnerability scanning tools to identify potential issues.
Immediately isolate the affected system from the network. Conduct a forensic investigation to determine the scope of the compromise. Restore data from a clean backup. Implement additional security measures to prevent future attacks.
Several vulnerability scanning tools and static code analysis tools can help identify and correct SQL injection vulnerabilities. You may also consider using a web application firewall (WAF).
You can find more information about CVE-2026-5635 in security vulnerability databases, such as the National Vulnerability Database (NVD) from NIST.