Phpgurukul: >> Online Shopping Portal Security Vulnerabilities
Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-11-25
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-17
PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-17
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-17
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-17
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-17
PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-17
PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of input sanitization in the quantity parameter when adding a product to the cart.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-09-12
PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-09-04
phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-09-03
Page 1