← Back to CVEs

CVE-2020-5307

CRITICAL

9.8

Description

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published1/7/2020

Last Modified11/21/2024

Sourcenvd

Honeypot Sightings0

Affected Products

phpgurukul:dairy_farm_shop_management_system

Weaknesses (CWE)

CWE-89

References

https://cinzinga.github.io/CVE-2020-5307-5308/(cve@mitre.org)

https://www.exploit-db.com/exploits/47846(cve@mitre.org)

https://cinzinga.github.io/CVE-2020-5307-5308/(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/47846(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.