5 matches found
CVE-2025-0299
CVE-2025-0299 affects code-projects Online Book Shop 1.0; the /search_result.php page’s s parameter is vulnerable to SQL injection via an unknown function, allowing remote exploitation. The CVE is corroborated by multiple sources (NVD, Red Hat, CVE records, PT Security) describing remote SQL inje...
CVE-2025-0296
CVE-2025-0296 affects code-projects Online Book Shop 1.0. Multiple sources confirm a SQL injection in the /booklist.php page via the subcatid parameter. The vulnerability is exploitable remotely and is described as critical/high impact by several vendors (e.g., Red Hat, CVE databases). The root c...
CVE-2025-0295
CVE-2025-0295 concerns code-projects Online Book Shop 1.0. The issue is a cross-site scripting vulnerability in the /booklist.php endpoint, triggered by manipulating the subcatnm parameter (with subcatid=1). Affected functionality is unspecified beyond this endpoint; the attack can be launched re...
CVE-2025-0297
CVE-2025-0297 corresponds to a SQL injection vulnerability in code-projects Online Book Shop 1.0, arising from unsafely handling the id parameter in the file /detail.php. The affected component is the server-side PHP detail page; manipulation of the id argument enables an attacker to influence t...
CVE-2025-0298
CVE-2025-0298 affects code-projects Online Book Shop 1.0. The vulnerability is in the /process_login.php login logic where the argument usernm is manipulated, enabling SQL injection. Root cause: unsanitized user input leading to query manipulation. Reported as remotely exploitable with public dis...