Online Book Store
by Janobe
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-9700 | | High | 0.47 | 7.3 | 0.00 | | Aug 30, 2025 | A flaw has been found in SourceCodester Online Book Store 1.0. This issue affects some unknown processing of the file /publisher_list.php. This manipulation of the argument pubid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published… |
| CVE-2020-10224 | | | 0.01 | — | 0.05 | | Mar 8, 2020 | An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command… |
| CVE-2024-9036 | | | 0.00 | — | 0.01 | | Sep 20, 2024 | A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_add.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The… |
| CVE-2024-6013 | | | 0.00 | — | 0.01 | | Jun 15, 2024 | A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The… |
| CVE-2024-6008 | | | 0.00 | — | 0.00 | | Jun 15, 2024 | A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument image leads to sql injection. It is possible to launch the attack remotely. The… |
| CVE-2024-5984 | | | 0.00 | — | 0.01 | | Jun 14, 2024 | A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be launched remotely. The… |
| CVE-2024-5983 | | | 0.00 | — | 0.01 | | Jun 14, 2024 | A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file bookPerPub.php. The manipulation of the argument pubid leads to sql injection. The attack can be launched… |
| CVE-2021-34249 | | | 0.00 | — | 0.01 | | Feb 24, 2023 | SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id parameter in application URL. |
| CVE-2021-43156 | | | 0.00 | — | 0.01 | | Dec 22, 2021 | In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. |
| CVE-2020-19114 | | | 0.00 | — | 0.02 | | May 5, 2021 | SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. |
| CVE-2020-23763 | | | 0.00 | — | 0.02 | | Apr 9, 2021 | SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. |
| CVE-2020-36003 | | | 0.00 | — | 0.01 | | Feb 17, 2021 | The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases. |
| CVE-2020-24115 | | | 0.00 | — | 0.02 | | Aug 31, 2020 | In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access. |