A vulnerability was found in PHPGurukul Online Shopping Portal 2.1. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /product-details.php. The manipulation of the argument quality/price/value/name/summary/review leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
References
Link | Resource |
---|---|
https://github.com/panghuanjie/Code-audits/blob/main/PHPGurukul/PHPGurukul%20Online%20Shopping%20Portal%20v2.1%20SQL%20Injection3%20.pdf | Exploit Third Party Advisory |
https://phpgurukul.com/ | Product |
https://vuldb.com/?ctiid.298123 | Permissions Required VDB Entry |
https://vuldb.com/?id.298123 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.506066 | Third Party Advisory VDB Entry |
Configurations
History
24 Jun 2025, 15:55
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
First Time |
Phpgurukul
Phpgurukul online Shopping Portal |
|
CPE | cpe:2.3:a:phpgurukul:online_shopping_portal:2.1:*:*:*:*:*:*:* | |
References | () https://github.com/panghuanjie/Code-audits/blob/main/PHPGurukul/PHPGurukul%20Online%20Shopping%20Portal%20v2.1%20SQL%20Injection3%20.pdf - Exploit, Third Party Advisory | |
References | () https://phpgurukul.com/ - Product | |
References | () https://vuldb.com/?ctiid.298123 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.298123 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.506066 - Third Party Advisory, VDB Entry |
03 Mar 2025, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-03-03 07:15
Updated : 2025-06-24 15:55
NVD link : CVE-2025-1855
Mitre link : CVE-2025-1855
CVE.ORG link : CVE-2025-1855
JSON object : View
Products Affected
phpgurukul
- online_shopping_portal