PT-2021-10280 · Unknown · Online Book Store

Liao10086

Published

2021-05-05

Updated

2021-05-07

CVE-2020-19108

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Online Book Store version 1.0

Description: The issue allows a remote malicious user to execute arbitrary code via SQL Injection in the pubid parameter to "bookPerPub.php". This could potentially lead to unauthorized access and data manipulation.

Recommendations: For Online Book Store version 1.0, consider restricting access to the "bookPerPub.php" endpoint until a patch is available. As a temporary workaround, avoid using the pubid parameter in the affected endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-19108

Affected Products

Online Book Store

PT-2021-10280 · Unknown · Online Book Store

CVE-2020-19108

Weakness Enumeration

Related Identifiers

Affected Products

References · 4