RSS   Vulnerabilities for
'Online book store project in php'
   RSS

2021-12-22
 
CVE-2021-43155

CWE-89
 

 
Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.

 
 
CVE-2021-43156

CWE-352
 

 
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.

 
2021-05-06
 
CVE-2020-19110

CWE-89
 

 
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.

 
 
CVE-2020-19108

CWE-89
 

 
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.

 
 
CVE-2020-19109

CWE-89
 

 
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.

 
 
CVE-2020-19107

CWE-89
 

 
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.

 
 
CVE-2020-19114

CWE-89
 

 
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.

 
 
CVE-2020-19113

CWE-434
 

 
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.

 
 
CVE-2020-19112

CWE-89
 

 
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.

 
 
CVE-2020-19111

CWE-269
 

 
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.

 


Copyright 2022, cxsecurity.com

 

Back to Top