PHPGurukul Online Shopping Portal
cpe:2.3:a:phpgurukul:online_shopping_portal:*:*:*:*:*:*:*
- 2.0
A SQL injection vulnerability has been identified in PHPGurukul Online Shopping Portal version 2.0. The issue arises in the forgot-password.php file, where the email parameter can be manipulated to inject malicious SQL queries.
Exploitation of this vulnerability allows attackers to execute arbitrary SQL commands, potentially leading to unauthorized data access or manipulation.
To reproduce this vulnerability, send a request to forgot-password.php with a crafted email parameter that includes SQL injection payloads. A time-based payload, such as one that uses the SQL 'SLEEP' function, can be employed to demonstrate the injection by causing a delay in the server's response.
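The fix for this class of flaw is to bind the email value as a query parameter instead of concatenating it into the SQL text. The sketch below is an added example, not the portal's own code: the users table, its columns, the function names and the in-memory SQLite database are assumptions chosen so the script runs offline, and the same binding applies with PDO's MySQL driver.

```php
<?php
// Added illustration, not the portal's source. Table/column names and the
// in-memory SQLite database are assumptions so the script runs offline.
declare(strict_types=1);

// Vulnerable pattern: the email value becomes part of the SQL text.
function lookup_concatenated(PDO $db, string $email): ?array
{
    $sql = "SELECT id, email FROM users WHERE email = '" . $email . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Hardened pattern: check the shape of the input, then bind it as data.
function lookup_bound(PDO $db, string $email): ?array
{
    if (strlen($email) > 254 || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        return null; // reject before touching the database
    }
    // With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false.
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT UNIQUE)');
// Constructed sample row: a valid address whose local part contains a quote.
$db->prepare('INSERT INTO users (email) VALUES (?)')->execute(["o'brien@example.com"]);

// Constructed input: passes FILTER_VALIDATE_EMAIL but still carries a quote,
// so validation alone does not make concatenation safe.
$input = "o'brien@example.com";

try {
    lookup_concatenated($db, $input);
    echo "concatenated: query ran\n";
} catch (PDOException $e) {
    // The quote closed the string literal early; the rest was parsed as SQL.
    echo "concatenated: input altered the statement (", $e->getMessage(), ")\n";
}

$row = lookup_bound($db, $input);
echo "bound: ", $row ? "matched id {$row['id']}" : "no match", "\n";
```

The benign address with an apostrophe is enough to show the difference: the concatenated query fails to parse because the input changed its structure, while the bound query treats the same bytes as a value and finds the row.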