SQL Injection Vulnerability in 1000projects Bookstore Management System
CVE-2024-55496

Currently unrated

Key Information:

CVE Published: 17 December 2024

What is CVE-2024-55496?

A critical SQL injection vulnerability has been identified in the 1000projects Bookstore Management System PHP MySQL Project version 1.0. The vulnerability arises from improper handling of the delete parameter in the add_company.php file, which allows attackers to execute arbitrary SQL queries. Exploitation could lead to unauthorized access to sensitive data, compromise data integrity, and allow further exploitation of the system. Users of this system should apply the necessary patches and review their security practices to mitigate the risks associated with this vulnerability.
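The general fix for this class of bug is to validate the parameter's type and bind it as data instead of concatenating it into the statement. The following is an added example, not code from the Bookstore Management System: the `company` table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for the project's MySQL database so the script runs offline (PHP 8 with pdo_sqlite assumed).

```php
<?php
declare(strict_types=1);

// Hypothetical schema; SQLite in memory stands in for MySQL so this runs offline.
function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE company (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $pdo->exec("INSERT INTO company (id, name) VALUES (1, 'Alpha'), (2, 'Beta'), (3, 'Gamma')");
    return $pdo;
}

// The unsafe pattern is building the statement by string concatenation, e.g.
//   "DELETE FROM company WHERE id = " . $_GET['delete']
// which lets the parameter change the structure of the statement.
// Hardened form: validate the type first, then bind the value as data.
function delete_company(PDO $pdo, mixed $raw): int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('delete must be a positive integer');
    }
    $stmt = $pdo->prepare('DELETE FROM company WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // number of rows actually removed
}

$pdo = open_demo_db();
// Constructed request values: one well-formed, two malformed.
foreach (['2', '2abc', ''] as $raw) {
    $shown = var_export($raw, true);
    try {
        printf("delete=%s -> %d row(s) removed\n", $shown, delete_company($pdo, $raw));
    } catch (InvalidArgumentException $e) {
        printf("delete=%s -> rejected: %s\n", $shown, $e->getMessage());
    }
}
$remaining = (int) $pdo->query('SELECT COUNT(*) FROM company')->fetchColumn();
printf("rows remaining: %d\n", $remaining);
```

With MySQL, the same prepare-and-bind pattern applies through PDO's mysql driver or mysqli prepared statements.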
