PT-2021-10943 · Unknown · Online Book Store

Published

2021-04-09

Updated

2021-04-13

CVE-2020-23763

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Online Book Store version 1.0

Description: The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication via SQL injection in the admin.php file.

Recommendations: For Online Book Store version 1.0, update the admin.php file to properly sanitize user input and prevent SQL injection attacks. As a temporary workaround, consider restricting access to the admin.php file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2020-23763

Affected Products

Online Book Store

PT-2021-10943 · Unknown · Online Book Store

CVE-2020-23763

Weakness Enumeration

Related Identifiers

Affected Products

References · 5