CVE-2025-14647

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Computer Book Store version 1.0

Description A weakness exists in Computer Book Store version 1.0 related to SQL injection. The issue is located in the /admin delete.php file, specifically within an unknown function. Manipulation of the bookisbn argument can trigger the SQL injection. The attack can be initiated remotely, and the exploit has been publicly released.

Recommendations Apply a fix to the vulnerable function in /admin delete.php to prevent manipulation of the bookisbn argument.

Exploit

Fix

Special Elements Injection

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-74CWE-89

Related Identifiers

CVE-2025-14647

Affected Products

Computer Book Store

CVE-2025-14647

Weakness Enumeration

Related Identifiers

Affected Products

References · 15