PHPGurukul Online Shopping Portal SQL Injection Vulnerability in Update Image Handler

Vulnerability

A SQL injection vulnerability exists in PHPGurukul Online Shopping Portal Project version 2.1, in the file admin/update-image1.php. The issue is in the Parameter Handler component: the filename parameter can be manipulated to inject malicious SQL code. The vulnerability can be exploited remotely, and the exploit is publicly known.

Impact

Exploitation of this vulnerability allows unauthorized database access, manipulation or deletion of data, leakage of sensitive information, and potential disruption of services.

Reproduction

The vulnerability can be reproduced by sending a POST request to the admin/update-image1.php file with a crafted filename parameter that includes SQL injection payloads. This can be done using tools like sqlmap, which automates the process of finding and exploiting SQL injection vulnerabilities.

Remediation

No specific mitigation measures are known for this vulnerability.
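
The usual defence for this class of flaw is to validate the filename and bind it as a query parameter. The sketch below is an added example, not PHPGurukul's code or a vendor fix: the function name, the products table and its columns are assumptions, and an in-memory SQLite database stands in for the project's database so the script runs offline.

```php
<?php
// Added example: hypothetical schema and names, not the project's own code.
declare(strict_types=1);

function updateProductImage(PDO $db, string $rawId, string $rawFilename): bool
{
    // The product id must be a positive integer and nothing else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }
    // Drop any client-supplied path, then allow only a conservative
    // file name with an image extension (no quotes, spaces or separators).
    $name = basename($rawFilename);
    if (!preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]{0,99}\.(?:jpe?g|png|gif)\z/i', $name)) {
        return false;
    }
    // Placeholders keep the filename as data; it is never parsed as SQL.
    $stmt = $db->prepare('UPDATE products SET productImage1 = :img WHERE id = :id');
    $stmt->execute([':img' => $name, ':id' => $id]);
    return $stmt->rowCount() === 1;
}

// Constructed test database (assumed table layout).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, productName TEXT, productImage1 TEXT)');
$db->exec("INSERT INTO products VALUES (1, 'Sample product', 'old.jpg')");

// Constructed inputs: an ordinary filename, then one carrying SQL metacharacters.
var_dump(updateProductImage($db, '1', 'new-photo.png'));
var_dump(updateProductImage($db, '1', "a.jpg' OR '1'='1"));

// The stored row shows only the validated filename was written.
print_r($db->query('SELECT * FROM products')->fetchAll(PDO::FETCH_ASSOC));
```

The allowlist check rejects the second input before it reaches the database, and the bound parameter means that even a value that passed validation would be stored as a literal string.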

Added: Apr 6, 2026, 10:20 AM
Updated: Apr 6, 2026, 10:20 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 3.1
exploitability: 9.7
remediation: 0.0
relevance: 5.4
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.