← Voltar para CVEs

CVE-2020-5307

CRITICAL

9.8

Descricao

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.

Detalhes CVE

Pontuacao CVSS v3.19.8

SeveridadeCRITICAL

Vetor CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vetor de ataqueNETWORK

ComplexidadeLOW

Privilegios necessariosNONE

Interacao do usuarioNONE

Publicado1/7/2020

Ultima modificacao11/21/2024

Fontenvd

Avistamentos honeypot0

Produtos afetados

phpgurukul:dairy_farm_shop_management_system

Fraquezas (CWE)

CWE-89

Referencias

https://cinzinga.github.io/CVE-2020-5307-5308/(cve@mitre.org)

https://www.exploit-db.com/exploits/47846(cve@mitre.org)

https://cinzinga.github.io/CVE-2020-5307-5308/(af854a3a-2127-422b-91ae-364da2661108)

https://www.exploit-db.com/exploits/47846(af854a3a-2127-422b-91ae-364da2661108)

Correlacoes IOC

Sem correlacoes registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.