A vulnerability categorized as critical has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Impacted is an unknown function of the file /admin/update-image3.php of the component Parameter Handler. Executing a manipulation of the argument filename can lead to sql injection.
This vulnerability is handled as CVE-2026-5639. The attack can be executed remotely. Additionally, an exploit exists.
