CVE-2026-5635
Description
A security flaw has been discovered in PHPGurukul Online Shopping Portal Project 2.1. Affected by this issue is some unknown functionality of the file /categorywise-products.php of the component Parameter Handler. Manipulation of the argument cid results in SQL injection. The attack can be launched remotely. The exploit has been released to the public and may be used for attacks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An SQL injection vulnerability in PHPGurukul Online Shopping Portal Project 2.1 allows remote attackers to inject arbitrary SQL via the cid parameter in /categorywise-products.php, leading to data breach and system compromise.
The vulnerability is an SQL injection in the file /categorywise-products.php caused by insufficient validation of the 'cid' parameter. The input is used directly in SQL queries without sanitization, allowing attackers to inject malicious SQL statements [2].
The attack can be launched remotely via a GET request without authentication. The parameter 'cid' is vulnerable, and exploit code has been publicly released, increasing the risk [2].
Successful exploitation allows attackers to access, modify, or delete database contents, leading to sensitive data leakage, system compromise, and potential service disruption [2].
As of the publication date, no official patch is available. Users should apply input validation and use parameterized queries to mitigate the vulnerability. The vendor's website indicates the product is still available [1].
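The mitigation named above (validate cid, then bind it as a query parameter) is sketched below as an added example; it is not code from the PHPGurukul project or from the cited references. The function name, the `products` table and its columns are assumptions, and an in-memory SQLite database stands in for the application's database so the sketch runs offline; in the application the raw value would come from `$_GET['cid']`.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the product lookup behind ?cid=...; the table and
// column names are assumptions, not taken from the PHPGurukul source.
function findProductsByCategory(PDO $db, mixed $rawCid): array
{
    // 1. Input validation: cid must be a positive integer. Strings with extra
    //    tokens, arrays (?cid[]=1) and missing values all fail this check.
    $cid = filter_var($rawCid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cid === false) {
        throw new InvalidArgumentException('cid must be a positive integer');
    }

    // 2. Parameterized query: the value is bound as an integer and is never
    //    concatenated into the SQL text.
    $stmt = $db->prepare('SELECT id, name FROM products WHERE category = :cid ORDER BY id');
    $stmt->bindValue(':cid', $cid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed in-memory fixture so the example runs offline (needs pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, category INTEGER)');
$db->exec("INSERT INTO products (name, category) VALUES ('Phone', 3), ('Laptop', 3), ('Novel', 5)");

// Constructed request values: one well-formed, two that are not plain integers.
foreach (['3', '3 OR 1=1', "5'"] as $rawCid) {
    try {
        $rows = findProductsByCategory($db, $rawCid);
        printf("cid=%s -> %d row(s)\n", var_export($rawCid, true), count($rows));
    } catch (InvalidArgumentException $e) {
        printf("cid=%s -> rejected (%s)\n", var_export($rawCid, true), $e->getMessage());
    }
}
```

Either control alone would stop these inputs; keeping both means a later change that loosens the validation still cannot alter the query structure.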
AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches (0)
No patches discovered yet.
References (5)
News mentions (0)
No linked articles in our index yet.