CVE-2020-28133

CRITICAL

Simple Grocery Store Sales and Inventory System - Authentication Bypass and SQL Injection via Login

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-28133. PoCs published by Saurav Shukla.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Simple Grocery Store Sales And Inventory System 1.0 via SQL injection. The payload 'jyot' or 1=1# bypasses login authentication by manipulating the SQL query.

Description

An issue was discovered in SourceCodester Simple Grocery Store Sales And Inventory System 1.0. There was authentication bypass in web login functionality allows an attacker to gain client privileges via SQL injection in sales_inventory/login.php.

Exploits (1)

exploitdb WORKING POC
by Saurav Shukla · textwebappsphp
https://www.exploit-db.com/exploits/48879

This exploit demonstrates an authentication bypass vulnerability in Simple Grocery Store Sales And Inventory System 1.0 via SQL injection. The payload 'jyot' or 1=1# bypasses login authentication by manipulating the SQL query.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Simple Grocery Store Sales And Inventory System 1.0
No auth needed
Prerequisites: Access to the login page · Network connectivity to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 9.8
EPSS 0.0208
EPSS Percentile 79.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-89
Status published
Products (1)
simple_grocery_store_sales_and_inventory_sales_project/simple_grocery_store_sales_and_inventory_system 1.0
Published Nov 17, 2020
Tracked Since Feb 18, 2026