Online Book Store Project In Php

online_book_store_project_in_php

Vendor: Projectworlds • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-43156 1Projectworlds 1Online Book Store Project In Php Nov 21, 2024 Dec 22, 2021 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.
CVE-2021-43155 1Projectworlds 1Online Book Store Project In Php Nov 21, 2024 Dec 22, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.
CVE-2020-19114 1Projectworlds 1Online Book Store Project In Php Nov 21, 2024 May 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19113 1Projectworlds 1Online Book Store Project In Php Nov 21, 2024 May 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
CVE-2020-19112 1Projectworlds 1Online Book Store Project In Php Nov 21, 2024 May 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19111 1Projectworlds 1Online Book Store Project In Php Nov 21, 2024 May 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.
CVE-2020-19110 1Projectworlds 1Online Book Store Project In Php Nov 21, 2024 May 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
CVE-2020-19109 1Projectworlds 1Online Book Store Project In Php Nov 21, 2024 May 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19108 1Projectworlds 1Online Book Store Project In Php Nov 21, 2024 May 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.
CVE-2020-19107 1Projectworlds 1Online Book Store Project In Php Nov 21, 2024 May 6, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.