PHPGurukul Online Shopping Portal


By the Year

In 2026 there have been 0 vulnerabilities in PHPGurukul Online Shopping Portal. Last year, in 2025, Online Shopping Portal had 9 security vulnerabilities published. Right now, Online Shopping Portal is on track to have fewer security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 9 7.00
2024 13 6.29
2023 3 8.95
2022 1 9.80
2021 1 7.50

It may take a day or so for new Online Shopping Portal vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent PHPGurukul Online Shopping Portal Security Vulnerabilities

CVE-2025-65647: IDOR in Track Order (PHPGURUKUL OS Portal 2.1)
CVE-2025-65647 4.3 - Medium - November 25, 2025

Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter.

Insecure Direct Object Reference / IDOR

PHPGurukul 2.0: SQLi via product-details.php
CVE-2024-44664 6.5 - Medium - November 17, 2025

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php.

SQL Injection

PHPGurukul Online Shopping Portal 2.0 SQL Injection via login.php
CVE-2024-44660 6.5 - Medium - November 17, 2025

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php.

SQL Injection

SQL Injection in PHPGurukul Online Shopping Portal 2.0 - search-result.php
CVE-2024-44663 6.5 - Medium - November 17, 2025

PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php.

SQL Injection

PHPGURUKUL Online Shopping Portal 2.1 - XSS via Unsanitized Quantity Parameter
CVE-2025-52074 6.1 - Medium - September 12, 2025

PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of input sanitization in the quantity parameter when adding a product to the cart.

XSS

PHPGurukul 1.0 /category.php Product Arg SQLi Remote
CVE-2025-5367 9.8 - Critical - May 31, 2025

A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQLi in PHPGurukul Online Shopping Portal 2.1: /product-details.php
CVE-2025-1855 8.8 - High - March 03, 2025

A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/summary/review leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQL Injection in Campcodes 2.1 via /search-result.php - Critical
CVE-2025-1578 7.5 - High - February 23, 2025

A vulnerability, which was classified as critical, was found in PHPGurukul/Campcodes Online Shopping Portal 2.1. This affects an unknown part of the file /search-result.php. The manipulation of the argument Product leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQL Injection in PHPGurukul Online Shopping Portal v2.1 track-orders.php
CVE-2025-26156 - February 14, 2025

A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via the orderid POST request parameter.

PHPGurukul 2.0 XSS via DataTable Scripts
CVE-2024-10768 5.4 - Medium - November 04, 2024

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/two_tables.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

XSS

PHPGurukul Online Shopping Portal 2.0: XSS Vulnerability in DataTables Plugin
CVE-2024-10755 6.1 - Medium - November 04, 2024

A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. Affected is an unknown function of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/empty_table.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

XSS

PHPGurukul Online Shopping Portal 2.0: Cross-Site Scripting in DataTables Plugin
CVE-2024-10754 6.1 - Medium - November 04, 2024

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dymanic_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

XSS

PHPGurukul Online Shopping Portal 2.0: Cross-Site Scripting (XSS) in DataTables Plugin
CVE-2024-10756 6.1 - Medium - November 04, 2024

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/html_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

XSS

PHPGurukul Online Shopping Portal 2.0: XSS Vulnerability in DataTables Plugin
CVE-2024-10757 6.1 - Medium - November 04, 2024

A vulnerability, which was classified as problematic, has been found in PHPGurukul Online Shopping Portal 2.0. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/js_data.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

XSS

PHPGurukul Online Shopping Portal 2.0: Cross-Site Scripting in DataTables Plugin
CVE-2024-10753 5.4 - Medium - November 04, 2024

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. This vulnerability affects unknown code of the file admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

XSS

PHPGurukul Online Shopping Portal 2.0: Cross-Site Scripting (XSS) in DataTables Plugin
CVE-2024-10747 6.1 - Medium - November 04, 2024

A vulnerability classified as problematic was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data_th.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

XSS

PHPGurukul Online Shopping Portal 2.0: Cross-Site Scripting (XSS) in DataTables Plugin
CVE-2024-10746 6.1 - Medium - November 04, 2024

A vulnerability classified as problematic has been found in PHPGurukul Online Shopping Portal 2.0. This affects an unknown part of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/dom_data.php. The manipulation of the argument scripts leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

XSS

PHPGurukul Online Shopping Portal 2.0: Cross-Site Scripting in DataTables Plugin
CVE-2024-10744 6.1 - Medium - November 03, 2024

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

XSS

PHPGurukul Online Shopping Portal 2.0: Cross-Site Scripting (XSS) in DataTables Plugin
CVE-2024-10745 6.1 - Medium - November 03, 2024

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

XSS

PHPGurukul Online Shopping Portal 2.0: Cross-Site Scripting (XSS) in DataTables Plugin
CVE-2024-10743 6.1 - Medium - November 03, 2024

A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been classified as problematic. Affected is an unknown function of the file /shopping/admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

XSS

SQLi in PHPGurukul Online Shopping Portal 2.0 Admin Panel
CVE-2024-9326 9.8 - Critical - September 29, 2024

A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

PHPGurukul Online Shopping Portal v2.0: CSRF Stored XSS (Arbitrary JS Exec)
CVE-2024-39090 - July 18, 2024

The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover.

SQL Injection in Online Shopping Portal 3.1 Login (CVE-2023-38890)
CVE-2023-38890 - August 18, 2023

Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks.

Online Shopping Portal v3.1 SQLi via Email in login.php
CVE-2023-37772 8.8 - High - August 01, 2023

Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php.

SQL Injection

PHPGurukul 1.0 Registration Page Auth Brute Force Vulnerability
CVE-2023-3605 9.1 - Critical - July 10, 2023

A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233467.

Improper Restriction of Excessive Authentication Attempts

Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities
CVE-2021-46110 9.8 - Critical - February 18, 2022

Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters.

SQL Injection

An SQL Injection vulnerability exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint
CVE-2021-37807 7.5 - High - October 27, 2021

An SQL Injection vulnerability exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint, which checks whether a new user's email already exists within the database.

SQL Injection
