CVE-2026-5640 | PHPGurukul Online Shopping Portal Project 2.1 Parameter /admin/update-image2.php filename sql injection

Inserito da Angelo Barbosa | Apr 5, 2026 | CVE

A vulnerability identified as critical has been detected in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /admin/update-image2.php of the component Parameter Handler. The manipulation of the argument filename leads to sql injection.

This vulnerability is uniquely identified as CVE-2026-5640. The attack is possible to be carried out remotely. Moreover, an exploit is present.

CVE-2026-5640 | PHPGurukul Online Shopping Portal Project 2.1 Parameter /admin/update-image2.php filename sql injection

Post correlati

CVE-2025-15070 | Gmission Web Fax up to 3.x information disclosure

CVE-2024-1525 | GitLab Community Edition/Enterprise Edition up to 16.7.5/16.8.2/16.9.0 Secondary Email access control (Issue 438144)

CVE-2024-32572 | BdThemes Element Pack Elementor Addons Plugin up to 5.6.0 on WordPress cross site scripting

CVE-2023-47846 | Terry Lin WP Githuber MD Plugin up to 1.16.2 on WordPress unrestricted upload