Projectworlds Online Book Store Project In Php — known CVE vulnerabilities
Every CVE whose affected-product data names Projectworlds Online Book Store Project In Php, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2020-19107 — CVSS 9.8 (critical): SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user…
CVE-2020-19108 — CVSS 9.8 (critical): SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user…
CVE-2020-19109 — CVSS 9.8 (critical): SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user…
CVE-2020-19110 — CVSS 9.8 (critical): SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious…
CVE-2020-19111 — CVSS 9.8 (critical): Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass…
CVE-2020-19112 — CVSS 9.8 (critical): SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious…
CVE-2020-19113 — CVSS 9.8 (critical): Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
CVE-2020-19114 — CVSS 9.8 (critical): SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user…
CVE-2021-43155 — CVSS 9.8 (critical): Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.
CVE-2021-43156 — CVSS 6.5 (medium): In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.