← Retour aux CVEs

CVE-2020-5307

CRITICAL

9.8

Description

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie1/7/2020

Derniere modification11/21/2024

Sourcenvd

Observations honeypot0

Produits affectes

phpgurukul:dairy_farm_shop_management_system

Faiblesses (CWE)

CWE-89

References

https://cinzinga.github.io/CVE-2020-5307-5308/(cve@mitre.org)

https://www.exploit-db.com/exploits/47846(cve@mitre.org)

https://cinzinga.github.io/CVE-2020-5307-5308/(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/47846(af854a3a-2127-422b-91ae-364da2661108)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.