Sql injection

2024-03-0800:15:00

PRIOn knowledge base

www.prio-n.com

critical

sql injection

keerti1924 online-book-store-website

http post request handler

remote attacks

vulnerability disclosure

vdb-256041

nvd

7.8 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.7%

JSON

A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256041 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

References

github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Shop/Blind%20SQL%20Injection%20Shop.php%20.md

vuldb.com/?ctiid.256041

vuldb.com/?id.256041