
CVE-2024-10745 – PHPGurukul Online Shopping Portal deferred_table.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10745
03 Nov 2024 — A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to cross site scripting. The attack may be launched remotely. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(deferred_table.php).md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-10744 – PHPGurukul Online Shopping Portal complex_header_2.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10744
03 Nov 2024 — A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit_testing/templates/complex_header_2.php. The manipulation of the argument scripts leads to cross site scripting. The attack can be launched remotely. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(complex_header_2.php).md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-10743 – PHPGurukul Online Shopping Portal editable_ajax.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-10743
03 Nov 2024 — A vulnerability was found in PHPGurukul Online Shopping Portal 2.0. It has been classified as problematic. Affected is an unknown function of the file /shopping/admin/assets/plugins/DataTables/examples/examples_support/editable_ajax.php. The manipulation of the argument value leads to cross site scripting. It is possible to launch the attack remotely. • https://github.com/secuserx/CVE/blob/main/%5BXSS%20vulnerability%5D%20found%20in%20Online%20Shopping%20Portal%202.0%20-%20(editable_ajax.php).md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-9326 – PHPGurukul Online Shopping Portal Admin Panel index.php sql injection
https://notcve.org/view.php?id=CVE-2024-9326
29 Sep 2024 — A vulnerability classified as critical was found in PHPGurukul Online Shopping Portal 2.0. This vulnerability affects unknown code of the file /shopping/admin/index.php of the component Admin Panel. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ghostwirez/CVE-2024-9326-PoC • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2024-39090
https://notcve.org/view.php?id=CVE-2024-39090
18 Jul 2024 — The PHPGurukul Online Shopping Portal Project version 2.0 contains a vulnerability that allows Cross-Site Request Forgery (CSRF) to lead to Stored Cross-Site Scripting (XSS). An attacker can exploit this vulnerability to execute arbitrary JavaScript code in the context of a user's session, potentially leading to account takeover. • https://github.com/ghostwirez/CVE-2024-39090-PoC • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-38890
https://notcve.org/view.php?id=CVE-2023-38890
18 Aug 2023 — Online Shopping Portal Project 3.1 allows remote attackers to execute arbitrary SQL commands/queries via the login form, leading to unauthorized access and potential data manipulation. This vulnerability arises due to insufficient validation of user-supplied input in the username field, enabling SQL Injection attacks. • https://github.com/akshadjoshi/CVE-2023-38890 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-37772
https://notcve.org/view.php?id=CVE-2023-37772
01 Aug 2023 — Online Shopping Portal Project v3.1 was discovered to contain a SQL injection vulnerability via the Email parameter at /shopping/login.php. • https://github.com/anky-123/CVE-2023-37772 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-3605 – PHPGurukul Online Shopping Portal Registration Page excessive authentication
https://notcve.org/view.php?id=CVE-2023-3605
10 Jul 2023 — A vulnerability was found in PHPGurukul Online Shopping Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Registration Page. The manipulation leads to improper restriction of excessive authentication attempts. The attack can be launched remotely. • https://vuldb.com/?ctiid.233467 • CWE-307: Improper Restriction of Excessive Authentication Attempts

CVE-2021-46110
https://notcve.org/view.php?id=CVE-2021-46110
18 Feb 2022 — Online Shopping Portal v3.1 was discovered to contain multiple time-based SQL injection vulnerabilities via the email and contactno parameters. • https://giant-falcon-36d.notion.site/Online-Shopping-Portal-2924d0ad55e94c4cb2359b0d098c4db6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2021-37807
https://notcve.org/view.php?id=CVE-2021-37807
27 Oct 2021 — An SQL Injection vulnerability exists in https://phpgurukul.com Online Shopping Portal 3.1 via the email parameter on the /check_availability.php endpoint, which checks whether a new user's email already exists in the database. • https://packetstormsecurity.com/files/163574/Online-Shopping-Portal-3.1-SQL-Injection.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')