Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Online_book_store_project_in_php
(Projectworlds)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 10 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-05-06 | CVE-2020-19107 | SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | Online_book_store_project_in_php | 9.8 | ||
| 2021-05-06 | CVE-2020-19108 | SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. | Online_book_store_project_in_php | 9.8 | ||
| 2021-05-06 | CVE-2020-19109 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. | Online_book_store_project_in_php | 9.8 | ||
| 2021-05-06 | CVE-2020-19110 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code. | Online_book_store_project_in_php | 9.8 | ||
| 2021-05-06 | CVE-2020-19111 | Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information. | Online_book_store_project_in_php | 9.8 | ||
| 2021-05-06 | CVE-2020-19112 | SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. | Online_book_store_project_in_php | 9.8 | ||
| 2021-05-06 | CVE-2020-19113 | Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. | Online_book_store_project_in_php | 9.8 | ||
| 2021-05-06 | CVE-2020-19114 | SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | Online_book_store_project_in_php | 9.8 | ||
| 2021-12-22 | CVE-2021-43155 | Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php. | Online_book_store_project_in_php | 9.8 | ||
| 2021-12-22 | CVE-2021-43156 | In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. | Online_book_store_project_in_php | 6.5 |