A vulnerability, which was classified as critical , was found in PHPGurukul Online Shopping Portal Project 2.1 . The affected element is an unknown function of the file /order-details.php of the component Parameter Handler . The manipulation of the argument orderid results in sql injection. It is possible to launch the attack remotely. No exploit is available.