VYPR

Simple Online Book Store System

by Sourcecodester

CVEs (26)

  • CVE-2024-7799MedAug 15, 2024
    risk 0.34cvss 5.3epss 0.01

    A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /simple-online-bidding-system/bidding/admin/users.php. The manipulation leads to improper authorization.…

  • CVE-2024-5428MedMay 28, 2024
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic was found in SourceCodester Simple Online Bidding System 1.0. Affected by this vulnerability is the function save_product of the file /admin/index.php?page=manage_product of the component HTTP POST Request Handler. The manipulation leads…

  • CVE-2024-4929MedMay 16, 2024
    risk 0.28cvss 4.3epss 0.00

    A vulnerability classified as problematic has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file /simple-online-bidding-system/admin/ajax.php?action=save_user. The manipulation leads to cross-site request forgery. It is…

  • CVE-2024-5437LowMay 29, 2024
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is…

  • CVE-2022-2748LowAug 11, 2022
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the…

  • CVE-2025-63891Nov 14, 2025
    risk 0.00cvss epss 0.01

    Information Disclosure in web-accessible backup file in SourceCodester Simple Online Book Store System allows a remote unauthenticated attacker to disclose full database contents (including schema and credential hashes) via an unauthenticated HTTP GET request to…

Page 2 of 2