CVE-2020-36062

9.8 CRITICAL

📋 TL;DR

Dairy Farm Shop Management System v1.0 contains hardcoded credentials in its source code, allowing attackers to bypass authentication and gain administrative access to the control panel. This affects all installations of this specific software version. Attackers can compromise the entire system if these credentials are discovered.

💻 Affected Systems

Products:
  • Dairy Farm Shop Management System
Versions: v1.0
Operating Systems: Any OS running PHP
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of v1.0 are vulnerable due to hardcoded credentials in source code.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover with administrative privileges, allowing data theft, system modification, or deployment of additional malware.

🟠 Likely Case

Unauthorized access to administrative functions, potential data exfiltration, and system configuration changes.

🟢 If Mitigated

Limited impact if system is isolated, not internet-facing, and has additional authentication layers.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires finding the hardcoded credentials in source code or using known default credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://phpgurukul.com

Restart Required: No

Instructions:

1. Contact vendor for updated version.
2. If no patch available, implement workarounds.
3. Remove hardcoded credentials from source code manually.

🔧 Temporary Workarounds

Remove Hardcoded Credentials (Linux)

Manually locate and remove hardcoded credentials from PHP source files.

grep -r 'password\|username\|admin' /path/to/dairy-farm-system/ --include='*.php'
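
The grep above matches every line that mentions a password, username or admin, which in a login application is most of the code. As an added example (not part of the advisory or the vendor's code), this Python scanner narrows the search to credential-like variables compared or assigned to string literals and to literals written directly into SQL; the identifier list and the sample PHP are assumptions constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Credential-like name fragments (assumed; extend for your code base).
CRED = r"(?:pass(?:word|wd)?|pwd|user(?:name)?|login|admin)"
# Non-empty quoted literal with no $variable interpolated into it.
LIT = r"""(?:'[^'$]+'|"[^"$]+")"""

RULES = [
    # $_POST['username'] == 'x'  or  $password === "x"
    ("literal comparison", re.compile(
        rf"""\$[\w\[\]'"]*{CRED}[\w\[\]'"]*\s*(?:===?|!==?)\s*{LIT}""", re.I)),
    # $dbpass = "x";  (single '=', not '==' or '=>')
    ("literal assignment", re.compile(
        rf"""\$\w*{CRED}\w*\s*=(?![=>])\s*{LIT}""", re.I)),
    # username='x' written directly into a query string
    ("literal in SQL", re.compile(
        rf"""(?<![$\w'"]){CRED}\s*=\s*'[^'$"]+'""", re.I)),
]

# Constructed sample, not code from the affected product.
SAMPLE = r'''<?php
// login handler (constructed)
$username = $_POST['username'];
$password = $_POST['password'];
if ($username == 'demo_admin' && $password === 'demo_pass') { $_SESSION['ok'] = 1; }
$q = "SELECT id FROM admins WHERE username='$username' AND password='$password'";
$r = "SELECT id FROM admins WHERE username='demo_admin' AND password='demo_pass'";
$dbpass = "demo_db_pass";
'''

def scan_text(text, name="<sample>"):
    """Return (file, line number, rule) per hit; the literal itself is not echoed."""
    return [(name, n, rule)
            for n, line in enumerate(text.splitlines(), 1)
            for rule, rx in RULES if rx.search(line)]

def scan_tree(root):
    """Scan every *.php file under root."""
    hits = []
    for path in sorted(Path(root).rglob("*.php")):
        hits += scan_text(path.read_text(errors="replace"), str(path))
    return hits

if __name__ == "__main__":
    hits = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE)
    for name, n, rule in hits:
        print(f"{name}:{n}: {rule}")
```

Hits are candidates for manual review: a check of a role variable against a literal role name matches the same rules as a hardcoded login.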

Implement Additional Authentication (all platforms)

Add multi-factor authentication or IP whitelisting to control panel access.

🧯 If You Can't Patch

  • Isolate system from internet and restrict network access
  • Implement strict network segmentation and monitor for unauthorized access attempts

🔍 How to Verify

Check if Vulnerable:

Search source code for hardcoded credentials using grep: grep -r 'password\|admin' /path/to/installation/ --include='*.php'

Check Version:

Check version in documentation or configuration files; no standard command available.

Verify Fix Applied:

Verify that the hardcoded credentials have been removed, then confirm that authentication with the known credentials fails.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts followed by successful login with default credentials
  • Unauthorized access to admin pages

Network Indicators:

  • Unexpected traffic to control panel from unauthorized IPs

SIEM Query:

source="web_logs" AND (url="*/admin*" OR url="*/control-panel*") AND status=200 AND user_agent NOT IN ["expected_user_agents"]
