CVE-2020-5307

CRITICAL NUCLEI

PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection via Username Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-5307. PoCs published by Chris Inzinga. A Nuclei detection template is also available.

AI-analyzed exploit summary: This exploit demonstrates multiple SQL injection vulnerabilities in Dairy Farm Shop Management System 1.0, including unauthenticated time-based blind SQLi in the 'username' parameter and authenticated SQLi in other parameters. The payloads use SLEEP-based techniques to confirm MySQL backend vulnerabilities.

Description

PHPGurukul Dairy Farm Shop Management System 1.0 is vulnerable to SQL injection, as demonstrated by the username parameter in index.php, the category and CategoryCode parameters in add-category.php, the CompanyName parameter in add-company.php, and the ProductName and ProductPrice parameters in add-product.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Chris Inzinga · text · webapps · php
https://www.exploit-db.com/exploits/47846


Classification: Working PoC (95%)
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Dairy Farm Shop Management System v1.0
No auth needed
Prerequisites: Network access to the target application
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

PHPGurukul Dairy Farm Shop Management System 1.0 - SQL Injection
CRITICAL · by gy741

References (2)

Core References
Exploit, Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/47846
Third Party Advisory x_refsource_misc
https://cinzinga.github.io/CVE-2020-5307-5308/

Scores

CVSS v3 9.8
EPSS 0.1565
EPSS Percentile 96.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
phpgurukul/dairy_farm_shop_management_system 1.0
Published Jan 07, 2020
Tracked Since Feb 18, 2026