Online Book Store PHP
CVEs (10)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-19114 | Cri | 0.64 | 9.8 | 0.02 | May 6, 2021 | SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | ||
| CVE-2020-19113 | Cri | 0.64 | 9.8 | 0.03 | May 6, 2021 | Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. | ||
| CVE-2020-19112 | Cri | 0.64 | 9.8 | 0.02 | May 6, 2021 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. | ||
| CVE-2020-19111 | Cri | 0.64 | 9.8 | 0.02 | May 6, 2021 | Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information. | ||
| CVE-2020-19110 | Cri | 0.64 | 9.8 | 0.02 | May 6, 2021 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code. | ||
| CVE-2020-19109 | Cri | 0.64 | 9.8 | 0.02 | May 6, 2021 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. | ||
| CVE-2020-19108 | Cri | 0.64 | 9.8 | 0.02 | May 6, 2021 | SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. | ||
| CVE-2020-19107 | Cri | 0.64 | 9.8 | 0.02 | May 6, 2021 | SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | ||
| CVE-2020-24115 | Cri | 0.64 | 9.8 | 0.02 | Aug 31, 2020 | In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access. | ||
| CVE-2021-43156 | Med | 0.42 | 6.5 | 0.01 | Dec 22, 2021 | In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. |
- risk 0.64cvss 9.8epss 0.02
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
- risk 0.64cvss 9.8epss 0.03
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
- risk 0.64cvss 9.8epss 0.02
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
- risk 0.64cvss 9.8epss 0.02
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.
- risk 0.64cvss 9.8epss 0.02
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
- risk 0.64cvss 9.8epss 0.02
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
- risk 0.64cvss 9.8epss 0.02
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.
- risk 0.64cvss 9.8epss 0.02
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
- risk 0.64cvss 9.8epss 0.02
In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access.
- risk 0.42cvss 6.5epss 0.01
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.