3 matches found
CSE Bookstore SQL Injection (CVE-2020-36112)
An SQL injection vulnerability exists in CSE Bookstore. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
CVE-2020-36112
creationtimestamp| type| source ---|---|--- 2021-01-04 19:10:47+00:00| seen| https://t.me/cibsecurity/21547 2024-11-04 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-11-04 2025-01-26 00:00:00+00:00| seen| The Shadowserver honeypot/common-vulnerabilities -...
CVE-2020-36112
CVE-2020-36112 affects CSE Bookstore 1.0. The vulnerability is an SQL injection (time-based blind, boolean-based blind, and OR-based) in the pubid parameter of bookPerPub.php and cart.php, allowing an attacker to dump the entire database. Affected software: CSE Bookstore 1.0. Root cause: improper...