MidnightBSD

Advisories for online_book_store_project_project

CVE-2023-27250

Online Book Store Project v1.0 is vulnerable to SQL Injection via /bookstore/bookPerPub.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
online_book_store_project_project online_book_store_project 1.0
CVE-2023-43739

The 'bookisbn' parameter of the cart.php resource does not validate the characters received and they are sent unfiltered to the database.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
help@fluidattacks.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
online_book_store_project_project online_book_store_project 1.0