SQL Injection Vulnerability in Online Bookstore Project
CVE-2024-37848

8.4HIGH

Key Information:

Vendor: Online-Bookstore-Project-In-PHP
Status: Online-Bookstore-Project-In-PHP
Vendor: CVE Published:; 17 June 2024

🔔 Create Online-Bookstore-Project-In-PHP Vulnerability Alert

What is CVE-2024-37848?

The Online-Bookstore-Project-In-PHP v1.0 contains a SQL Injection vulnerability in the admin_delete.php component. This flaw allows a local attacker to execute arbitrary code, potentially compromising the application's integrity and exposing sensitive data. It is crucial for users to apply security measures and updates to mitigate this risk.

References

https://github.com/Lanxiy7th/lx_CVE_report-/issues/13

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 17, 2024
Vulnerability Reserved
Jun 10, 2024

CVE-2024-37848 Data

JSON