PT-2025-6150 · Unknown · 1000 Projects Bookstore Management System
Neo-O
·
Published
2025-02-11
·
Updated
2025-02-28
·
CVE-2025-1172
CVSS v3.1
8.8
High
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
1000 Projects Bookstore Management System version 1.0
Description
A critical issue has been found in the 1000 Projects Bookstore Management System, affecting some unknown functionality of the file addtocart.php. The manipulation of the argument
bcid leads to SQL injection. The attack may be launched remotely.Recommendations
For 1000 Projects Bookstore Management System version 1.0, consider restricting access to the addtocart.php file until a patch is available. As a temporary workaround, avoid using the
bcid argument in the affected file to minimize the risk of exploitation.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
1000 Projects Bookstore Management System