CVE-2022-40944 Dairy Farm Shop Management System 1.0 is vulnerable to SQL Injection via sales-report-ds.php file.

This can lead to remote attackers deleting, modifying, or disabling the system. A user with low privileges or a non-existent user can do this.

Dairy Farm Shop Management System 1.0 allows unauthenticated remote attackers to conduct ARP poisoning via the dfs_session_key parameter to dfs/sales-report/report.php.

This can be exploited to hijack other people’s accounts.

Dairy Farm Shop Management System 1.0 allows unauthenticated remote attackers to conduct ARP poisoning via the dfs_session_key parameter to dfs/sales-report/report.php.

This can be exploited to hijack other people’s accounts.

Vulnerable sites

This CVE is not a vulnerability in the application itself, and it affects all versions of Dairy Farm Shop Management System 1.0.

CVE-2022-40944 is a vulnerability in the Dairy Farm Shop Management System 1.0 application which is found in all versions of the software installed by this company.

Timeline

Published on: 09/30/2022 18:15:00 UTC
Last modified on: 10/04/2022 17:06:00 UTC

References

• https://caicaizi.top/archives/9/
• https://phpgurukul.com/dairy-farm-shop-management-system-using-php-and-mysql/
• https://github.com/Qrayyy/CVE/blob/main/Dairy%20Farm%20Shop%20Management%20System/sales-report-ds-sql(CVE-2022-40944).md
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-40944