SQL Injection Vulnerability in 1000 Projects Bookstore Management System
CVE-2024-10844
Key Information
- Vendor: 1000 Projects
- Status
- Product: Bookstore Management System
- CVE Published: 5 November 2024
Summary
A serious SQL injection vulnerability exists in the 1000 Projects Bookstore Management System version 1.0, specifically within the 'search.php' file. This flaw permits attackers to manipulate the 's' parameter, facilitating unauthorized database access and potentially allowing for remote code execution. As this issue has been publicly disclosed, immediate mitigation measures are essential to safeguard the integrity and confidentiality of database information in affected systems.
Affected Version(s)
Bookstore Management System = 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Vulnerability Reserved
- Exploit known to exist
- Vulnerability published