42 matches found
CVE-2026-5606
The CVE-2026-5606 entry describes a SQL injection vulnerability in PHPGurukul Online Shopping Portal Project 2.1, specifically in the Parameter Handler’s unknown function within /order-details.php where the orderid argument is manipulable. The issue can be exploited remotely by an attacker and is...
CVE-2026-5606 PHPGurukul Online Shopping Portal Project Parameter order-details.php SQL injection
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in SQL injection. It is possible to launch the atta...
PT-2026-30514
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. The affected element is an unknown function of the file /order-details.php of the component Parameter Handler. The manipulation of the argument orderid results in SQL injection. It is possible to launch the atta...
PHPGurukul Online Shopping Portal Project SQL injection vulnerability
The PHPGurukul Online Shopping Portal Project is an online shopping portal project developed by PHPGurukul Corporation. Version 2.1 of the PHPGurukul Online Shopping Portal Project contains a SQL injection vulnerability. This vulnerability arises from incorrect handling of the parameter “orderid”...
CVE-2025-14085
A vulnerability has been found in youlaitech youlai-mall 1.0.0/2.0.0. This impacts an unknown function of the file /app-api/v1/orders/. The manipulation of the argument orderId leads to improper control of dynamically-identified variables. Remote exploitation of the attack is possible. The exploi...
CVE-2025-13118
A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now public and may be...
CVE-2025-13117
A security vulnerability has been detected in macrozheng mall-swarm and mall up to 1.0.3. Affected by this vulnerability is the function cancelOrder of the file /order/cancelOrder. The manipulation of the argument orderId leads to improper authorization. The attack can be initiated remotely. The...
mall-swarm authorization issue vulnerability
mall-swarm is a microservice mall system. There is an authorization issue vulnerability in mall-swarm, which originates from the improper handling of the orderId parameter in the cancelUserOrder function in the file /order/cancelUserOrder, and no detailed vulnerability details are provided...
EUVD-2022-15737
Malicious code in bioql PyPI...
EUVD-2022-46258
Malicious code in bioql PyPI...
EUVD-2022-46256
Malicious code in bioql PyPI...
EUVD-2024-22559
Malicious code in bioql PyPI...
CVE-2025-9836
CVE-2025-9836 affects macrozheng mall up to version 1.0.3. The flaw exists in the paySuccess function (/order/paySuccess); manipulating the orderId parameter enables an authorization bypass. The issue can be exploited remotely and exploitation has been made public (e.g., public PoC). Connected so...
Code-Projects Inventory Management System injection vulnerability
Inventory Management System is an inventory management system. Inventory Management System has a SQL injection vulnerability that stems from insufficient filtering of the orderId parameter in the file /phpaction/editPayment.php. No details of the vulnerability are available at this time...
CVE-2022-43214
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at printOrder.php...
CVE-2022-43212
Billing System Project v1.0 was discovered to contain a SQL injection vulnerability via the orderId parameter at fetchOrderData.php...
CVE-2025-26156
A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter...
PT-2025-7125 · Unknown · Phpgurukul Online Shopping Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.1 Description: A SQL Injection issue was found in the /shopping/track-orders.php file, allowing remote attackers to execute arbitrary code via the orderid POST request parameter. Recommendations: Fo...
CVE-2025-26156
CVE-2025-26156 affects PHPGurukul Online Shopping Portal v2.1, with a SQL Injection in /shopping/track-orders.php exploited via the orderid POST parameter. The vulnerability can allow remote code execution and has a CVSS v3.1 base score of 8.8 (HIGH) with network access, low attack complexity, an...