Cross-Site Scripting Vulnerability in 1000 Projects Bookstore Management System
CVE-2025-1174

4.8MEDIUM

Key Information:

Vendor
1000 Projects
Status
Bookstore Management System
Vendor
CVE Published:
11 February 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A cross-site scripting vulnerability exists in the Add Book Page of the 1000 Projects Bookstore Management System version 1.0. The issue arises from improper handling of user input in the 'Book Name' parameter within the process_book_add.php file. Attackers can exploit this vulnerability to inject malicious scripts that may execute in the browsers of users who visit the affected page. Remote exploitation is possible, which could lead to unauthorized actions on behalf of users or the exposure of sensitive data. Other parameters related to this functionality may also be susceptible to similar exploits.

Affected Version(s)

Bookstore Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-1174 - Proof of Concept

References

https://vuldb.com/?id.295078
vdb-entrytechnical-description
https://vuldb.com/?ctiid.295078
signaturepermissions-required
https://vuldb.com/?submit.495318
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

Neo-O (VulDB User)
.