PT-2020-16931 · Sourcecodester · Sourcecodester Simple Grocery Store Sales/Inventory System

Published

2020-11-17

·

Updated

2020-12-09

·

CVE-2020-28133

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

SourceCodester Simple Grocery Store Sales And Inventory System version 1.0

Description

An issue was discovered in the web login functionality, allowing authentication bypass: an attacker can gain client privileges via SQL injection in the sales inventory/login.php file.

Recommendations

For version 1.0, consider disabling the login functionality in sales inventory/login.php until a patch is available, and restrict access to the sales inventory/login.php file to minimize the risk of exploitation. Avoid using the login functionality in the affected version until the issue is resolved.
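To illustrate the class of flaw this advisory describes, the following PHP snippet (an added example, not code from the Sourcecodester project) contrasts a login query built by string concatenation with a hardened version that uses a prepared statement and a stored password hash. The table and column names are assumptions.

```php
<?php
// Added illustration of the flaw class, not code from the Sourcecodester project.
// Table and column names (users, username, password, password_hash) are assumptions.

// Vulnerable pattern: form input is concatenated into the SQL text, so the
// submitted values can change the structure of the query, not just its data.
function loginVulnerable(PDO $db, string $user, string $pass): ?array
{
    $sql = "SELECT id, username FROM users WHERE username = '$user' AND password = '$pass'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ?: null; // any returned row is accepted as a successful login
}

// Hardened pattern: a prepared statement binds the username as data, and the
// password is verified against a stored hash outside the query.
function loginSafe(PDO $db, string $user, string $pass): ?array
{
    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($pass, $row['password_hash'])) {
        return null;
    }
    unset($row['password_hash']);
    return $row;
}

// Self-contained demo on an in-memory SQLite database with constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, password_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (username, password, password_hash) VALUES (?, ?, ?)');
$ins->execute(['alice', 'correct horse', password_hash('correct horse', PASSWORD_DEFAULT)]);

var_dump(loginSafe($db, 'alice', 'correct horse') !== null); // valid credentials accepted
var_dump(loginSafe($db, 'alice', 'wrong') === null);          // wrong password rejected

// A username containing a quote is harmless to loginSafe (looked up literally,
// no such account) but breaks the SQL syntax in loginVulnerable. Database syntax
// errors surfacing from a login form are a useful detection signal for this bug class.
var_dump(loginSafe($db, "o'brien", 'x') === null);
try {
    loginVulnerable($db, "o'brien", 'x');
} catch (PDOException $e) {
    echo "loginVulnerable: SQL error caused by a quote in the username\n";
}
```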

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2020-28133

Affected Products

Sourcecodester Simple Grocery Store Sales/Inventory System