CVE-2022-29007
Published: 11 May 2022
Summary
CVE-2022-29007 is a critical-severity SQL Injection (CWE-89) vulnerability in Phpgurukul Dairy Farm Shop Management System. Its CVSS base score is 9.8 (Critical).
Operationally, it ranks in the top 0.2% of CVEs by predicted exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
Deeper analysis
Dairy Farm Shop Management System version 1.0 contains multiple SQL injection vulnerabilities (CWE-89) in its administrative panel. The flaws reside in the username and password parameters of the admin login, which are concatenated into the SQL query rather than bound as parameters, and carry a CVSS 3.1 base score of 9.8, reflecting a network-reachable, unauthenticated attack with no user interaction that can compromise confidentiality, integrity, and availability.
An unauthenticated remote attacker can supply crafted input to these fields and bypass authentication entirely, obtaining administrative control of the application. Public proof-of-concept code demonstrating the bypass has been published on Exploit-DB and GitHub.
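The bypass pattern described above, as an added example that is not code from the Phpgurukul project: a Python model of the vulnerable concatenated login query beside a parameterised, hash-verified version. It uses an in-memory sqlite3 table with a constructed admin row; the real application is PHP/MySQL and its schema is not reproduced, so the table name, credentials and PBKDF2 parameters are assumptions.

```python
"""Model of the CVE-2022-29007 login-bypass pattern and a hardened login.

Constructed example: the table, row and credentials below are made up and do
not reproduce the real application's schema. sqlite3 stands in for MySQL.
"""
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # PBKDF2 work factor (assumption for the demo)


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def build_demo_db() -> sqlite3.Connection:
    """In-memory stand-in for the admin table, seeded with constructed data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE admin (id INTEGER PRIMARY KEY, username TEXT UNIQUE, "
        "password TEXT, pw_hash BLOB, salt BLOB)"
    )
    salt = os.urandom(16)
    # The plaintext 'password' column exists only so the legacy query below can
    # compare against it; the hardened path uses pw_hash/salt instead.
    conn.execute(
        "INSERT INTO admin (username, password, pw_hash, salt) VALUES (?, ?, ?, ?)",
        ("admin", "S3cret!pass", hash_password("S3cret!pass", salt), salt),
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str):
    """CWE-89 pattern: both request parameters are concatenated into the SQL
    text, so either one can rewrite the WHERE clause."""
    sql = (
        "SELECT username FROM admin "
        f"WHERE username='{username}' AND password='{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn, username: str, password: str):
    """Parameterised lookup plus constant-time hash comparison: the input is
    bound as data, so quotes and comment sequences cannot change the query."""
    row = conn.execute(
        "SELECT username, pw_hash, salt FROM admin WHERE username = ?",
        (username,),
    ).fetchone()
    if row is None:
        return None
    name, stored_hash, salt = row
    if hmac.compare_digest(stored_hash, hash_password(password, salt)):
        return name
    return None


# Classic payload for the username field: closes the string literal, adds an
# always-true predicate and comments out the password check. MySQL needs the
# space after '--'; sqlite accepts it too.
BYPASS_USERNAME = "' OR '1'='1' -- "
# Payload for the password field: AND binds tighter than OR, so the trailing
# OR '1'='1' makes the whole predicate true regardless of username.
BYPASS_PASSWORD = "' OR '1'='1"


if __name__ == "__main__":
    db = build_demo_db()
    print("vulnerable, username payload:", login_vulnerable(db, BYPASS_USERNAME, "x"))
    print("vulnerable, password payload:", login_vulnerable(db, "nobody", BYPASS_PASSWORD))
    print("hardened,   username payload:", login_hardened(db, BYPASS_USERNAME, "x"))
    print("hardened,   password payload:", login_hardened(db, "nobody", BYPASS_PASSWORD))
    print("hardened,   real credentials:", login_hardened(db, "admin", "S3cret!pass"))
```

Both payloads log in as `admin` through the concatenated query and are rejected by the parameterised one, which also never puts the password into the SQL predicate at all; that separation is the property a reviewer should look for when checking a fix for this class of bug.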
The CVE maintains a high EPSS score (an estimate of the probability of exploitation in the wild over the next 30 days), currently 0.9250 with a recorded peak of 0.9271, indicating sustained exploitation activity after disclosure. No vendor advisory or patch information is referenced in the available sources, so deployed instances of v1.0 should be assumed to remain vulnerable until verified otherwise.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-33437
Vulnerability details
Multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel of Dairy Farm Shop Management System v1.0 allow attackers to bypass authentication.
- CWE(s): CWE-89 (SQL Injection)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Phpgurukul Dairy Farm Shop Management System v1.0 (admin panel login).
Mitigating Controls
Per-CVE control mapping for this CVE has not run yet; the controls below are derived from the weakness type cited in the NVD entry (CWE-89) and from the absence of a referenced vendor patch.
- Use parameterized queries or prepared statements for every query built from request input, starting with the admin login; concatenating the username or password into SQL text is the root cause here.
- Store password hashes (for example PHP's password_hash/password_verify) and check the password in application code after a parameterized lookup by username, rather than matching the password inside the SQL predicate.
- Restrict network exposure of the admin panel (IP allow-list, VPN, or an authenticating reverse proxy), since no vendor fix is referenced and the attack is unauthenticated.
- Apply WAF rules for SQL injection signatures on the admin login endpoint as a compensating control, not as a substitute for the code fix.
- Review web server and database logs for login requests whose username or password fields contain quote characters, always-true predicates such as OR 1=1, or comment sequences (--, #, /*).