Phpgurukul: >> Online Shopping Portal >> 3.1 Security Vulnerabilities
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.
CVSS Score
8.8
EPSS Score
0.036
Published
2023-08-18
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.
CVSS Score
8.8
EPSS Score
0.003
Published
2023-08-01
Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-18
An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-10-27