CVE-2020-36112

Name of the Vulnerable Software and Affected Versions: CSE Bookstore version 1.0

Description: The issue affects the CSE Bookstore, allowing for time-based blind, boolean-based blind, and OR error-based SQL injection attacks. This is possible due to a vulnerability in the pubid parameter within the bookPerPub.php and cart.php files. A successful exploitation could lead to an attacker gaining access to the entire database of the web application.

Recommendations: For CSE Bookstore version 1.0, consider restricting access to the bookPerPub.php and cart.php files until a patch is available. As a temporary workaround, avoid using the pubid parameter in these files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.