This can allow remote attackers to delete, modify, or disable the system. It can be done by a user with low privileges or by a non-existent user.

Dairy Farm Shop Management System 1.0 allows unauthenticated remote attackers to conduct ARP poisoning via the dfs_session_key parameter to dfs/sales-report/report.php.

This can be exploited to hijack other people’s accounts.

Vulnerable sites

This CVE is not a vulnerability in the application itself, and it affects all versions of Dairy Farm Shop Management System 1.0.

CVE-2022-40944 is a vulnerability in the Dairy Farm Shop Management System 1.0 application which is found in all versions of the software installed by this company.

Timeline

Published on: 09/30/2022 18:15:00 UTC
Last modified on: 10/04/2022 17:06:00 UTC

References