Dairy Farm Shop Management System
Monthly
A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-categories.php file.
A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and allows remote attackers to execute arbitrary SQL code via the companyname parameter in a POST request.
A critical SQL injection vulnerability exists in PHPGurukul Dairy Farm Shop Management System version 1.3 within the /search-product.php endpoint, specifically in the 'productname' parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the database. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation a significant risk.
PHPGurukul Dairy Farm Shop Management System version 1.3 contains a critical SQL injection vulnerability in the /sales-report-details.php file affecting the fromdate and todate parameters. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with working proof-of-concept code available, making active exploitation likely in the wild.
SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System version 1.3, specifically in the /profile.php file's mobilenumber parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit code available and carries a CVSS score of 7.3 (high severity), though the actual exploitability depends on database configuration and input filtering implementation.
Critical SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System version 1.3, specifically in the /bwdate-report-details.php file where the fromdate and todate parameters are inadequately sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The exploit has been publicly disclosed with proof-of-concept availability, indicating active exploitation risk.
PHPGurukul Dairy Farm Shop Management System version 1.3 contains a critical SQL injection vulnerability in the /add-product.php file's productname parameter that allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with proof-of-concept code available, creating immediate risk for all exposed installations. With a CVSS score of 7.3 (High) and evidence of public disclosure, this vulnerability should be prioritized for remediation despite the moderate CVSS rating.
Critical SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System version 1.3, specifically in the /add-company.php file where the 'companyname' parameter is improperly sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data theft, modification, or deletion. The exploit has been publicly disclosed and proof-of-concept code is available, significantly increasing real-world exploitation risk.
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
A SQL injection vulnerability was discovered in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability allows remote attackers to execute arbitrary SQL code via the category and categorycode parameters in a POST request to the manage-categories.php file.
A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and allows remote attackers to execute arbitrary SQL code via the companyname parameter in a POST request.
A critical SQL injection vulnerability exists in PHPGurukul Dairy Farm Shop Management System version 1.3 within the /search-product.php endpoint, specifically in the 'productname' parameter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of the database. The vulnerability has been publicly disclosed with proof-of-concept code available, making active exploitation a significant risk.
PHPGurukul Dairy Farm Shop Management System version 1.3 contains a critical SQL injection vulnerability in the /sales-report-details.php file affecting the fromdate and todate parameters. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with working proof-of-concept code available, making active exploitation likely in the wild.
SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System version 1.3, specifically in the /profile.php file's mobilenumber parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has public exploit code available and carries a CVSS score of 7.3 (high severity), though the actual exploitability depends on database configuration and input filtering implementation.
Critical SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System version 1.3, specifically in the /bwdate-report-details.php file where the fromdate and todate parameters are inadequately sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The exploit has been publicly disclosed with proof-of-concept availability, indicating active exploitation risk.
PHPGurukul Dairy Farm Shop Management System version 1.3 contains a critical SQL injection vulnerability in the /add-product.php file's productname parameter that allows unauthenticated remote attackers to execute arbitrary SQL queries. The vulnerability has been publicly disclosed with proof-of-concept code available, creating immediate risk for all exposed installations. With a CVSS score of 7.3 (High) and evidence of public disclosure, this vulnerability should be prioritized for remediation despite the moderate CVSS rating.
Critical SQL injection vulnerability in PHPGurukul Dairy Farm Shop Management System version 1.3, specifically in the /add-company.php file where the 'companyname' parameter is improperly sanitized. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to data theft, modification, or deletion. The exploit has been publicly disclosed and proof-of-concept code is available, significantly increasing real-world exploitation risk.
A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.