Filtered by vendor Phpgurukul
Subscriptions
Filtered by product Online Shopping Portal
Subscriptions
Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-46110 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-08-04 | 9.8 Critical |
Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. | ||||
CVE-2021-37807 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-08-04 | 7.5 High |
An SQL Injection vulneraility exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint that serves as a checker whether a new user's email is already exist within the database. | ||||
CVE-2023-38890 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-08-02 | 8.8 High |
Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. | ||||
CVE-2023-37772 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-08-02 | 8.8 High |
Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. | ||||
CVE-2023-3605 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-08-02 | 6.5 Medium |
A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. The associated identifier of this vulnerability is VDB-233467. | ||||
CVE-2024-39090 | 1 Phpgurukul | 1 Online Shopping Portal | 2024-08-02 | 6.1 Medium |
The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover. |
Page 1 of 1.