CVE-2026-5636
SQL Injection in PHPGurukul /cancelorder.php Enables Remote Attack
Publication date: 2026-04-06
Last updated on: 2026-04-29
Assigner: VulDB
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| phpgurukul | online_shopping_portal_project | 2.1 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-74 | The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component. |
| CWE-89 | The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the `/cancelorder.php` endpoint for SQL injection in the `oid` parameter. A proof-of-concept involves sending a payload that triggers a time-based blind SQL injection, such as: `oid=6' RLIKE SLEEP(5)--`.
One practical approach is to use automated tools like sqlmap to test the endpoint. For example, running sqlmap against the URL with the vulnerable parameter can confirm the presence of the SQL injection.
- Example payload to test manually: `oid=6' RLIKE SLEEP(5)--`
- Use sqlmap command: `sqlmap -u "http://targetsite/cancelorder.php" --data="oid=6" --risk=3 --level=5`
Can you explain this vulnerability to me?
CVE-2026-5636 is a critical SQL injection vulnerability found in version 2.1 of the PHPGurukul Online Shopping Portal Project, specifically in the /cancelorder.php file. The vulnerability occurs because the "oid" parameter is not properly sanitized or validated before being used in SQL queries. This allows an attacker to inject malicious SQL code remotely, potentially gaining unauthorized access to the database.
A proof-of-concept demonstrated a time-based blind SQL injection attack using the payload `oid=6' RLIKE SLEEP(5)--`, which exploits MySQL versions 5.0.12 and above. The vulnerability enables attackers to perform unauthorized database operations such as data leakage, data tampering, and possibly gaining full system control.
How can this vulnerability impact me?
This vulnerability can have severe impacts including unauthorized access to sensitive data, data leakage, and data tampering within the affected database. Attackers could manipulate or delete data, disrupt services, and potentially gain full control over the system hosting the application.
Such exploitation could lead to loss of data integrity, service outages, and compromise of user information, which can damage the reputation of the affected organization and result in financial losses.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include implementing prepared statements with parameter binding to separate SQL code from user input, which prevents SQL injection.
Additionally, rigorously validate and filter all user inputs to ensure they conform to expected formats before processing.
Restrict database user permissions to the minimum necessary, avoiding the use of high-privilege accounts for routine operations.
Taking these corrective actions promptly is essential to protect system security and maintain data integrity.
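The first two steps above applied to the `oid` parameter, as an added example that is not PHPGurukul's code. The `orders` table, its columns and the `Cancelled` status are assumed names, and an in-memory SQLite database stands in for MySQL so the script runs offline (PHP 8 with `pdo_sqlite`).

```php
<?php
declare(strict_types=1);

// Added example, not PHPGurukul code. The "orders" table, its columns and the
// "Cancelled" status are hypothetical; SQLite in memory stands in for MySQL.

/** Accept only a positive decimal integer string; anything else yields null. */
function parseOrderId(mixed $raw): ?int
{
    // ctype_digit rejects quotes, spaces, signs and SQL keywords outright;
    // the length cap keeps the value inside the integer range.
    if (!is_string($raw) || !ctype_digit($raw) || strlen($raw) > 10) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Cancel one order. Returns true only if exactly one row was updated. */
function cancelOrder(PDO $db, mixed $rawOid): bool
{
    $oid = parseOrderId($rawOid);
    if ($oid === null) {
        return false; // rejected before any SQL is prepared
    }
    // The SQL text is fixed; the order id travels separately as a bound integer.
    $stmt = $db->prepare('UPDATE orders SET status = :status WHERE id = :oid');
    $stmt->bindValue(':status', 'Cancelled', PDO::PARAM_STR);
    $stmt->bindValue(':oid', $oid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1;
}

// Constructed test database with a single order.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, status TEXT)');
$db->exec("INSERT INTO orders VALUES (6, 'Placed')");

// Constructed inputs: a valid id, the payload quoted in the advisory,
// and an id that does not exist.
foreach (['6', "6' RLIKE SLEEP(5)--", '999'] as $input) {
    $result = cancelOrder($db, $input) ? 'cancelled' : 'refused';
    printf("%-22s => %s\n", $input, $result);
}
```

Against MySQL, the same code applies with a `mysql:` DSN and `PDO::ATTR_EMULATE_PREPARES` set to `false`, so the driver sends the statement and the bound value separately.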
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
The SQL injection vulnerability in the PHPGurukul Online Shopping Portal Project 2.1 allows unauthorized database access, data leakage, and data tampering. Such unauthorized access and potential exposure of sensitive data can lead to non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls to protect personal and sensitive information.
Failure to remediate this vulnerability could result in breaches of confidentiality, integrity, and availability of data, which are core principles in many compliance frameworks. This may lead to legal penalties, reputational damage, and loss of customer trust.
Therefore, addressing this vulnerability by implementing prepared statements, input validation, and restricting database permissions is essential to maintain compliance with common standards and regulations.