CVE-2020-36003
https://notcve.org/view.php?id=CVE-2020-36003
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
• https://github.com/TCSWT/Online-Book-Store/blob/main/Online-Book-Store.md
• https://www.sourcecodester.com/download-code?nid=14383&title=Online+Book+Store
• https://www.sourcecodester.com/php/14383/online-book-store.html
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-24115
https://notcve.org/view.php?id=CVE-2020-24115
In projectworlds Online Book Store 1.0, use of hard-coded credentials in source code leads to admin panel access.
• https://medium.com/%40th3cyb3rc0p/cve-2020-24115-use-of-hardcoded-credentials-in-source-code-leads-to-admin-panel-access-77e5028ec9af
• https://systemweakness.com/cve-2020-24115-use-of-hardcoded-credentials-in-source-code-leads-to-admin-panel-access-77e5028ec9af
• CWE-798: Use of Hard-coded Credentials