CVE-2025-1855

A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/summary/review leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:phpgurukul:online_shopping_portal:2.1:*:*:*:*:*:*:*

History

24 Jun 2025, 15:55

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad en PHPGurukul Online Shopping Portal 2.1. Se ha declarado como crítica. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo /product-details.php. La manipulación del argumento calidad/precio/valor/nombre/resumen/reseña provoca una inyección SQL. El ataque se puede ejecutar de forma remota. La vulnerabilidad se ha hecho pública y puede utilizarse.
First Time Phpgurukul
Phpgurukul online Shopping Portal
CPE cpe:2.3:a:phpgurukul:online_shopping_portal:2.1:*:*:*:*:*:*:*
References () https://github.com/panghuanjie/Code-audits/blob/main/PHPGurukul/PHPGurukul%20Online%20Shopping%20Portal%20v2.1%20SQL%20Injection3%20.pdf - () https://github.com/panghuanjie/Code-audits/blob/main/PHPGurukul/PHPGurukul%20Online%20Shopping%20Portal%20v2.1%20SQL%20Injection3%20.pdf - Exploit, Third Party Advisory
References () https://phpgurukul.com/ - () https://phpgurukul.com/ - Product
References () https://vuldb.com/?ctiid.298123 - () https://vuldb.com/?ctiid.298123 - Permissions Required, VDB Entry
References () https://vuldb.com/?id.298123 - () https://vuldb.com/?id.298123 - Third Party Advisory, VDB Entry
References () https://vuldb.com/?submit.506066 - () https://vuldb.com/?submit.506066 - Third Party Advisory, VDB Entry

03 Mar 2025, 07:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-03-03 07:15

Updated : 2025-06-24 15:55


NVD link : CVE-2025-1855

Mitre link : CVE-2025-1855

CVE.ORG link : CVE-2025-1855


JSON object : View

Products Affected

phpgurukul

  • online_shopping_portal
CWE
CWE-74

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')