PT-2020-6773 · Unknown · Online Book Store

Liao10086

Published

2020-01-17

Updated

2021-05-07

CVE-2020-19109

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Online Book Store version 1.0

Description The issue is related to a SQL Injection vulnerability in the admin edit.php script, specifically via the bookisbn parameter. This could allow a remote malicious user to execute arbitrary code. The vulnerability is due to inadequate protection of the SQL query structure when handling the bookisbn parameter.

Recommendations For Online Book Store version 1.0, consider disabling access to the admin edit.php script or restricting the use of the bookisbn parameter until a patch is available. Additionally, ensure proper input validation and sanitization for the bookisbn parameter to prevent SQL injection attacks.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

BDU:2022-06250

CVE-2020-19109

Affected Products

Online Book Store

PT-2020-6773 · Unknown · Online Book Store

CVE-2020-19109

Weakness Enumeration

Related Identifiers

Affected Products

References · 5