501 matches found
CVE-2023-23024
Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter...
CVE-2022-3452
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument categoryname leads to cross site scripting. The attack can be initiated remotely...
CVE-2022-2770
A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System. Affected is an unknown function of the file /obs/book.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to launch the attack remotely. VDB-206166 is...
CVE-2022-45613
Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter...
CVE-2022-45215
A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module...
CVE-2022-45225
Book Store Management System v1.0 was discovered to contain a cross-site scripting XSS vulnerability in /bsmsci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the booktitle parameter...
CVE-2022-3453
A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyername leads to cross site scripting. The attack may be initiated remotely...
CVE-2022-45217
A cross-site scripting XSS vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module...
CVE-2022-2748
A vulnerability was found in SourceCodester Simple Online Book Store System. It has been classified as problematic. Affected is an unknown function of the file /admin/edit.php. The manipulation of the argument eid leads to cross site scripting. It is possible to launch the attack remotely. The...
CVE-2022-2747
A vulnerability was found in SourceCodester Simple Online Book Store and classified as critical. This issue affects some unknown processing of the file book.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The associated identifier of th...
CVE-2022-2746
A vulnerability has been found in SourceCodester Simple Online Book Store System and classified as critical. This vulnerability affects unknown code of the file Admin add.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. VDB-206014 is the identifier assigne...
CVE-2021-43156
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admindelete.php allows a remote attacker to delete any book...
CVE-2020-36003
The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection, which leads to the ability to retrieve all databases...
CVE-2020-19111
Incorrect Access Control vulnerability in Online Book Store v1.0 via adminverify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information...
CVE-2020-19108
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code...
CVE-2020-19107
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to editbook.php, which could let a remote malicious user execute arbitrary code...
CVE-2020-19110
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code...
CVE-2020-19109
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to adminedit.php, which could let a remote malicious user execute arbitrary code...
CVE-2020-19112
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admindelete.php, which could let a remote malicious user execute arbitrary code...
CVE-2020-19114
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to editbook.php, which could let a remote malicious user execute arbitrary code...