An unauthenticated file upload vulnerability has been identified in admin_add.php in PHPGurukul Online Book Store 1.0. The vulnerability could be exploited by an unauthenticated remote attacker to upload content to the server, including PHP files, which could result in command execution.
9.8CVSS
9.7AI Score
0.009EPSS
SQL injection in admin.php in Online Book Store 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication.
9.8CVSS
10AI Score
0.002EPSS
In projectworlds Online Book Store 1.0 Use of Hard-coded Credentials in source code leads to admin panel access.
9.8CVSS
9.4AI Score
0.005EPSS
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases.
7.5CVSS
7.7AI Score
0.002EPSS
SQL injection vulnerability in sourcecodester online-book-store 1.0 allows remote attackers to view sensitive information via the id paremeter in application URL.
7.5CVSS
7.6AI Score
0.001EPSS