CVE-2020-36112
Description
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
CSE Bookstore 1.0 is vulnerable to multiple SQL injection types via the pubid parameter in bookPerPub.php and cart.php, allowing full database extraction.
Vulnerability
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind, and OR error-based SQL injection in the pubid parameter within bookPerPub.php and cart.php [1]. The application fails to sanitize user input before using it in SQL queries. The affected version is CSE Bookstore 1.0, running on PHP and tested on Debian [1]. The vulnerability is present in the pubid parameter of both pages.
Exploitation
An attacker can exploit this vulnerability by sending crafted HTTP GET requests to the vulnerable endpoints. No authentication is required. For boolean-based blind injection, a payload like `' OR NOT 4138=4138#` can be used [1]. For error-based injection, a payload leveraging FLOOR and COUNT(*) errors is effective [1]. Time-based blind injection uses the SLEEP() function to infer data from response times [1]. Tools like SQLMap can automate the exploitation [1].
Impact
A successful exploitation allows an attacker to dump the entire database of the web application [1]. This includes all user data, configurations, and other sensitive information. The impact is full compromise of the database, leading to information disclosure, potential data modification, and further attacks on the application and its users.
Mitigation
No official patch or fixed version has been released as of the publication date (2021-01-04) [1]. The vendor homepage is Projectworlds, and the application appears to be a sample project. Users should avoid deploying this application in production environments or apply input validation and parameterized queries to prevent SQL injection. As of now, no CISA KEV listing is associated with this CVE.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- CSE/Bookstore
- Range: = 1.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing input sanitization and lack of parameterized queries allow SQL injection via the pubid and bookisbn parameters."
Attack vector
An unauthenticated attacker can send crafted HTTP requests to the vulnerable endpoints. For `bookPerPub.php`, the attacker appends a SQL payload to the `pubid` GET parameter, e.g., `pubid=' OR NOT 4138=4138#` for boolean-based blind injection [1]. For `cart.php`, the attacker sends a POST request with a malicious `bookisbn` value such as `978-1-1180-2669-4'` [1]. For `book.php`, the attacker injects via the `bookisbn` GET parameter, e.g., `bookisbn=978-0-7303-1484-4'` [1]. The server returns SQL syntax errors in the response, confirming the injection point, and the attacker can then use automated tools like SQLMap to extract the entire database [1].
Affected code
The vulnerability exists in `bookPerPub.php` (the `pubid` GET parameter), `cart.php` (the `bookisbn` POST parameter), and `book.php` (the `bookisbn` GET parameter) [1]. The application directly interpolates user-supplied input into SQL queries without sanitization or parameterization, as demonstrated by the SQL syntax errors returned when a single quote is injected [1].
What the fix does
No patch is provided in the bundle. The advisory does not include a fix or remediation guidance [1]. To close the vulnerability, the application should use prepared statements with parameterized queries (e.g., MySQLi or PDO) instead of concatenating user input directly into SQL strings, and all input should be validated and sanitized before being used in database operations.
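The prepared-statement approach described above, as an added PHP 8 example that is not CSE Bookstore's own code. The table and column names (`books`, `publisherid`, `book_title`), the integer format of `pubid` and the connection values are assumptions.

```php
<?php
declare(strict_types=1);

// Vulnerable pattern the advisory describes (constructed illustration, do not use):
//   $query = "SELECT * FROM books WHERE publisherid = '" . $_GET['pubid'] . "'";

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB failures become exceptions
ini_set('display_errors', '0');                            // never echo SQL errors to the client

function parsePubId(mixed $raw): ?int
{
    // Allow-list validation: a positive integer or nothing. Arrays, null,
    // quotes and trailing SQL all fail here before any query is built.
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function booksByPublisher(mysqli $db, int $pubId): array
{
    // The value is sent separately from the SQL text, so quotes, OR clauses,
    // SLEEP() calls or comment markers in the input cannot change the statement.
    // Table and column names are hypothetical.
    $stmt = $db->prepare('SELECT book_title FROM books WHERE publisherid = ?');
    $stmt->bind_param('i', $pubId);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // get_result() needs mysqlnd
}

$pubId = parsePubId($_GET['pubid'] ?? null);
if ($pubId === null) {
    http_response_code(400);
    exit('Invalid publisher id.');
}

try {
    // Placeholder host, account and schema; use a least-privilege read-only account.
    $db = new mysqli('localhost', 'bookstore_ro', getenv('DB_PASS') ?: '', 'bookstore');
    $books = booksByPublisher($db, $pubId);
} catch (mysqli_sql_exception $e) {
    error_log('bookPerPub query failed: ' . $e->getMessage()); // detail goes to the log only
    http_response_code(500);
    exit('Internal error.');
}

foreach ($books as $book) {
    echo htmlspecialchars($book['book_title'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

The `bookisbn` parameter is a string, so the same pattern applies with a format check on the ISBN and a `'s'` type in `bind_param`. Suppressing error output removes the feedback the error-based technique relies on, while parameterization is what closes the boolean-based and time-based variants.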
Preconditions
- config: The web application must be running CSE Bookstore version 1.0 on a PHP platform with a MySQL/MariaDB backend.
- network: The attacker must be able to send HTTP GET or POST requests to the vulnerable endpoints (no authentication required).
- input: The attacker supplies a malicious SQL payload in the pubid or bookisbn parameter.
Reproduction
1. Send a GET request to `http://
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- [1] www.exploit-db.com/exploits/49314 (mitre, x_refsource_MISC)
News mentions
No linked articles in our index yet.