CVE-2024-0355: PHPGurukul Dairy Farm Shop Management System add-category.php sql injection

5.5 CVSS

Description

A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability. Es wurde eine Schwachstelle in PHPGurukul Dairy Farm Shop Management System bis 1.1 gefunden. Sie wurde als kritisch eingestuft. Es geht dabei um eine nicht klar definierte Funktion der Datei add-category.php. Durch Manipulation des Arguments category mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur öffentlichen Verfügung.

Classification

CVE ID: CVE-2024-0355

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.5

CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Problem Types

CWE-89 SQL Injection

Affected Products

Vendor: PHPGurukul

Product: Dairy Farm Shop Management System

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.09% (probability of being exploited)

EPSS Percentile: 27.0% (scored less or equal to compared to others)

EPSS Date: 2025-04-18 (when was this score calculated)

Stakeholder-Specific Vulnerability Categorization (SSVC)

SSVC Exploitation: poc

SSVC Technical Impact: total

SSVC Automatable: false

References

https://nvd.nist.gov/vuln/detail/CVE-2024-0355
https://vuldb.com/?id.250122
https://vuldb.com/?ctiid.250122
https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8

Timeline

2025-04-17 18:40:11 UTC
CVE

PHPGurukul Dairy Farm Shop Management System add-category.php sql injection