VYPR

Online Book Store PHP

by Projectworlds

CVEs (10)

  • CVE-2020-19114CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.

  • CVE-2020-19113CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.03

    Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.

  • CVE-2020-19112CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.

  • CVE-2020-19111CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.

  • CVE-2020-19110CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.

  • CVE-2020-19109CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.

  • CVE-2020-19108CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.

  • CVE-2020-19107CriMay 6, 2021
    risk 0.64cvss 9.8epss 0.02

    SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.

  • CVE-2020-24115CriAug 31, 2020
    risk 0.64cvss 9.8epss 0.02

    In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access.

  • CVE-2021-43156MedDec 22, 2021
    risk 0.42cvss 6.5epss 0.01

    In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.