← Retour aux CVEs
CVE-2020-28133
CRITICAL9.8
Description
An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie11/17/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
simple_grocery_store_sales_and_inventory_sales_project:simple_grocery_store_sales_and_inventory_system
Faiblesses (CWE)
CWE-89
References
https://www.exploit-db.com/exploits/48879(cve@mitre.org)
https://www.sourcecodester.com/php/14461/simple-grocery-store-sales-and-inventory-system-using-phpmysql-source-code.html(cve@mitre.org)
https://www.exploit-db.com/exploits/48879(af854a3a-2127-422b-91ae-364da2661108)
https://www.sourcecodester.com/php/14461/simple-grocery-store-sales-and-inventory-system-using-phpmysql-source-code.html(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.