| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. |
| Insecure Direct Object Reference (IDOR) in the Track order function in PHPGURUKUL Online Shopping Portal 2.1 allows information disclosure via the oid parameter. |
| PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the fullname, emailid, and contactno parameters in login.php. |
| PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the username parameter in the admin page. |
| PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the product parameter in search-result.php. |
| PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the email parameter in forgot-password.php. |
| PHPGurukul Online Shopping Portal 2.0 is vulnerable to Cross Site Scripting (XSS) via the quantity parameter in my-cart.php. |
| PHPGurukul Online Shopping Portal 2.0 is vulnerable to SQL Injection via the name, summary, review, quality, price, and value parameters in product-details.php. |
| PHPGurukul Online Shopping Portal Project v2.1 is vulnerable to SQL Injection in /shopping/login.php via the fullname parameter. |
| A vulnerability was detected in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected is an unknown function of the file /admin/subcategory.php. Performing manipulation of the argument Category results in sql injection. The attack is possible to be carried out remotely. The exploit is now public and may be used. |
| A flaw has been found in PHPGurukul/Campcodes Online Shopping Portal 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/updateorder.php. Executing manipulation of the argument remark can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. |
| PHPGURUKUL Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) due to lack of input sanitization in the quantity parameter when adding a product to the cart. |
| PHPGurukul Online Shopping Portal 2.1 is vulnerable to Cross Site Scripting (XSS) in /admin/updateorder.php. |
| phpgurukul Online Shopping Portal 2.0 is vulnerable to Arbitrary File Upload in /admin/insert-product.php, due to the lack of extension validation. |
| A vulnerability was determined in PHPGurukul Online Shopping Portal Project 2.0. Affected by this issue is some unknown functionality of the file /shopping/signup.php. The manipulation of the argument emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability was identified in PHPGurukul Online Shopping Portal Project 2.0. This affects an unknown part of the file shopping/bill-ship-addresses.php. The manipulation of the argument billingpincode leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability has been found in PHPGurukul Online Shopping Portal Project 2.0. This vulnerability affects unknown code of the file /shopping/password-recovery.php. The manipulation of the argument emailid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/summary/review leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability was found in PHPGurukul Online Shopping Portal Project 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument Product leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
| A vulnerability, which was classified as critical, was found in PHPGurukul/Campcodes Online Shopping Portal 2.1. This affects an unknown part of the file /search-result.php. The manipulation of the argument Product leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. |
