projectworldsofficial/online-book-store-project-in-php

projectworldsofficial/online-book-store-project-in-php

GitHubGitHub
GitHubgithub.com
Releases0
Stars56
This is an simple online web store was made by using php , mysql and bootstrap.
Log in to subscribe

CVE History

CVEPublishedCVSS v3CVSS v2
CVE-2021-43155
9.8 CRITICAL7.5 HIGH

Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.

CVE-2021-43156
6.5 MEDIUM4.3 MEDIUM

In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.

CVE-2020-19108
9.8 CRITICAL7.5 HIGH

SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.

CVE-2020-19109
9.8 CRITICAL7.5 HIGH

SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.

CVE-2020-19110
9.8 CRITICAL7.5 HIGH

SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.

CVE-2020-19111
9.8 CRITICAL7.5 HIGH

Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.

CVE-2020-19112
9.8 CRITICAL7.5 HIGH

SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.

CVE-2020-19113
9.8 CRITICAL7.5 HIGH

Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.

CVE-2020-19114
9.8 CRITICAL7.5 HIGH

SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.

CVE-2020-19107
9.8 CRITICAL7.5 HIGH

SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.