Description

A time-based blind SQL injection vulnerability was identified in the PHPGurukul Dairy Farm Shop Management System 1.3. The vulnerability exists in the manage-companies.php file and allows remote attackers to execute arbitrary SQL code via the companyname parameter in a POST request.

Related CPE's

a

phpgurukul

dairy_farm_shop_management_system

1.3

Vulnerable

References

https://github.com/rtnthakur/CVE/blob/main/PHPGurukul/Dairy-Farm-Shop-Management-System/SQL/SQL_injection_edit-company.md

ExploitThird Party Advisory

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0

Secondary
CWE-89

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Analyzed

Published

2025-06-26T15:15:23.140

5 months ago

Last modified

2025-07-01T18:03:27.253

5 months ago