Vulnerabilities > Projectworlds > Online Book Store Project IN PHP > High

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-22	CVE-2021-43155	SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0 Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php. network low complexity projectworlds CWE-89	7.5
2021-05-06	CVE-2020-19107	SQL Injection vulnerability in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. network low complexity projectworlds CWE-89	7.5
2021-05-06	CVE-2020-19108	SQL Injection vulnerability in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. network low complexity projectworlds CWE-89	7.5
2021-05-06	CVE-2020-19109	SQL Injection vulnerability in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. network low complexity projectworlds CWE-89	7.5
2021-05-06	CVE-2020-19110	SQL Injection vulnerability in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code. network low complexity projectworlds CWE-89	7.5
2021-05-06	CVE-2020-19112	SQL Injection vulnerability in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. network low complexity projectworlds CWE-89	7.5
2021-05-06	CVE-2020-19113	Unrestricted Upload of File with Dangerous Type vulnerability in PHP 1.0 Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. network low complexity projectworlds CWE-434	7.5
2021-05-06	CVE-2020-19114	SQL Injection vulnerability in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. network low complexity projectworlds CWE-89	7.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.