
CVSS: 7.5 EPSS: 0% CPEs: 1 EXPL: 2

SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id parameter in the application URL. • https://packetstormsecurity.com/files/159000/Online-Book-Store-1.0-SQL-Injection.html https://www.exploit-db.com/exploits/48775 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 EPSS: 0% CPEs: 1 EXPL: 1

SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication. • http://hidden-one.co.in/2021/04/09/cve-2020-23763-sql-injection-leading-to-authentication-bypass-in-online-book-store-1-0 https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 7.5 EPSS: 0% CPEs: 1 EXPL: 1

The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases. • https://github.com/TCSWT/Online-Book-Store/blob/main/Online-Book-Store.md https://www.sourcecodester.com/download-code?nid=14383&title=Online+Book+Store https://www.sourcecodester.com/php/14383/online-book-store.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 EPSS: 0% CPEs: 1 EXPL: 1

In projectworlds Online Book Store 1.0, use of hard-coded credentials in the source code leads to admin panel access. • https://medium.com/%40th3cyb3rc0p/cve-2020-24115-use-of-hardcoded-credentials-in-source-code-leads-to-admin-panel-access-77e5028ec9af https://systemweakness.com/cve-2020-24115-use-of-hardcoded-credentials-in-source-code-leads-to-admin-panel-access-77e5028ec9af • CWE-798: Use of Hard-coded Credentials

CVSS: 9.8 EPSS: 0% CPEs: 1 EXPL: 1

An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution. • https://tib3rius.com/cves.html https://www.exploit-db.com/exploits/47887 • CWE-434: Unrestricted Upload of File with Dangerous Type