3 matches found
CVE-2022-37796
CVE-2022-37796 affects Simple Online Book Store System v1.0. The issue is a Cross-Site Scripting (XSS) vulnerability in /admin_book.php affecting the Title, Author, and Description parameters. Root cause details are not explicitly provided beyond the XSS description; no product/vendor-specific pa...
CVE-2024-6951
The CVE-2024-6951 entry corresponds to a SQL injection in SourceCodester Simple Online Book Store System 1.0,具体 affecting the admin_delete.php logic where the bookisbn parameter is manipulated. Exploitation can be performed remotely and has been disclosed publicly, with multiple sources assigning...
CVE-2025-63891
The vulnerability CVE-2025-63891 affects SourceCodester’s Simple Online Book Store System. A remote, unauthenticated attacker can disclose the full database contents (including schema and credential hashes) by accessing a web‑accessible backup file via an unauthenticated HTTP GET to /obs/database...