A SQL Injection vulnerability was found in /shopping/track-orders.php in PHPGurukul Online Shopping Portal v2.1, which allows remote attackers to execute arbitrary code via orderid POST request parameter.
https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/README.md