CVE-2025-26156 | PHPGurukul Online Shopping Portal 2.1 POST Request Parameter track-orders.php orderid sql injection

Inserito da Angelo Barbosa | Feb 14, 2025 | CVE

A vulnerability has been found in PHPGurukul Online Shopping Portal 2.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /shopping/track-orders.php of the component POST Request Parameter Handler. The manipulation of the argument orderid leads to sql injection.

This vulnerability is known as CVE-2025-26156. The attack can be launched remotely. There is no exploit available.

CVE-2025-26156 | PHPGurukul Online Shopping Portal 2.1 POST Request Parameter track-orders.php orderid sql injection

Post correlati

CVE-2024-47041 | Google Android kernel syscall.c valid_address out-of-bounds

CVE-2023-52123 | WPChill Strong Testimonials Plugin up to 3.1.10 on WordPress cross-site request forgery

CVE-2023-52100 | Huawei HarmonyOS 4.0.0 Celia Keyboard Module access control

CVE-2025-20049 | Dario Health Dario Application Database and Internet-based Server Infrastructure Portal Service cross site scripting (icsma-25-058-01)