CVE-2025-26156

Published: 2025-02-14T17:15Z

Last Modified: 2025-04-02T18:49Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt