Vulnerabilities > Projectworlds > Online Book Store Project IN PHP

DATE CVE VULNERABILITY TITLE RISK
2021-12-22 CVE-2021-43155 SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0
Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.
network
low complexity
projectworlds CWE-89
7.5
7.5
2021-12-22 CVE-2021-43156 Cross-Site Request Forgery (CSRF) vulnerability in Projectworlds Online Book Store Project in PHP 1.0
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. 		4.3
4.3
2021-05-06 CVE-2020-19107 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
7.5
2021-05-06 CVE-2020-19108 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
7.5
2021-05-06 CVE-2020-19109 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
7.5
2021-05-06 CVE-2020-19110 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
7.5
2021-05-06 CVE-2020-19111 Improper Authentication vulnerability in Projectworlds Online Book Store Project in PHP 1.0
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.
network
low complexity
projectworlds CWE-287
critical
 9.8
9.8
2021-05-06 CVE-2020-19112 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
7.5
2021-05-06 CVE-2020-19113 Unrestricted Upload of File with Dangerous Type vulnerability in PHP 1.0
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
network
low complexity
projectworlds CWE-434
7.5
7.5
2021-05-06 CVE-2020-19114 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
7.5