PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.
Recent assessments:
cinzinga at March 09, 2020 9:30pm UTC reported:
I am the author of this vulnerability. The username parameter is vulnerable to time-based blind SQLi. This means it can be exploited without any authentication and can potentially be used to obtain a reverse shell depending on permissions.
Blog post: <https://cinzinga.github.io/CVE-2020-5307-5308/>
Assessed Attacker Value: 3
Assessed Attacker Value: 5
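A detection sketch for the time-based blind injection on the `username` parameter of index.php described above. This is an added example, not code from the advisory, the blog post or PHPGurukul. It assumes a reverse proxy or WAF that logs POST bodies and response times as JSON; the field names, the latency baseline and the sample records are constructed.

```python
import json
import re
from urllib.parse import parse_qs

# Delay primitives typical of time-based blind SQLi (MySQL-family first).
DELAY_RE = re.compile(r"\b(?:sleep|benchmark|pg_sleep)\s*\(|\bwaitfor\s+delay\b", re.I)
BASELINE_MS = 300  # assumption: normal login responses finish well under this

# Constructed sample records; the JSON field names are hypothetical.
SAMPLE_LOG = [
    '{"src":"203.0.113.7","method":"POST","path":"/index.php","body":"username=admin&password=x","ms":41}',
    '{"src":"198.51.100.23","method":"POST","path":"/index.php","body":"username=a%27+AND+SLEEP%285%29--+-&password=x","ms":5048}',
    '{"src":"198.51.100.23","method":"POST","path":"/index.php","body":"username=a%27+AND+1%3D2+AND+SLEEP%285%29--+-&password=x","ms":45}',
    '{"src":"203.0.113.9","method":"POST","path":"/index.php","body":"username=bob&password=y","ms":900}',
    '{"src":"203.0.113.9","method":"GET","path":"/index.php","ms":12}',
]

def suspicious_logins(lines, path="/index.php", param="username"):
    """Return (src, value, verdict) for login POSTs whose `param` carries a delay call."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        if rec.get("method") != "POST" or not rec.get("path", "").endswith(path):
            continue
        # parse_qs URL-decodes, so encoded quotes and parentheses are matched too.
        for value in parse_qs(rec.get("body", ""), keep_blank_values=True).get(param, []):
            if not DELAY_RE.search(value):
                continue  # slow but clean requests are not flagged (fourth record)
            # A fast response still matters: blind extraction alternates between
            # delayed (condition true) and immediate (condition false) replies.
            verdict = "delay-executed" if rec.get("ms", 0) > BASELINE_MS else "delay-attempted"
            hits.append((rec["src"], value, verdict))
    return hits

if __name__ == "__main__":
    for src, value, verdict in suspicious_logins(SAMPLE_LOG):
        print(f"{verdict:16} {src:15} {value!r}")
```

A `delay-executed` verdict means the response time tracked the injected delay, which indicates the request reached an unpatched query rather than being rejected upstream.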