SQL Injection Vulnerability in Projectsworlds Online Book Store PHP
CVE-2021-43155

9.8CRITICAL

Key Information:

Vendor: Projectworlds
Status: Online Book Store Project In PHP
Vendor: CVE Published:; 22 December 2021

🔔 Create Projectworlds Vulnerability Alert

What is CVE-2021-43155?

The Online Book Store PHP v1.0 by Projectsworlds is susceptible to SQL injection attacks. This vulnerability arises from inadequate input validation on the 'bookisbn' parameter in cart.php, allowing potential attackers to execute arbitrary SQL queries, which can lead to unauthorized data access and manipulation. It is crucial for users of this application to review and implement necessary security measures to protect their data.

References

https://github.com/projectworldsofficial/online-book-stor...

x_refsource_MISC

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 22, 2021
Vulnerability Reserved
Nov 1, 2021