SQL Injection Vulnerabilities in CSE Bookstore Version 1.0

CVE-2020-36112 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in the pubid parameter in bookPerPub.php and in cart.php. Successful exploitation of this vulnerability allows an attacker to dump the entire database on which the web application is running.
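The mitigation for this class of flaw, sketched as an added example (not CSE Bookstore's own code or an official patch): validate pubid, bind it as a parameter, and keep database errors out of the response. The function name, the table and column names, the assumption that pubid is a positive integer, and the in-memory SQLite database standing in for the application's database are all hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not CSE Bookstore code. Table/column names are hypothetical
// and an in-memory SQLite database stands in for the application's database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
$db->exec('CREATE TABLE books (title TEXT, pubid INTEGER)');
$db->exec("INSERT INTO books VALUES ('Book A', 1), ('Book B', 1), ('Book C', 2)");

/**
 * Look up books for a publisher id taken from the request.
 * Returns [HTTP status, titles]. Assumes pubid is a positive integer.
 */
function booksByPublisher(PDO $db, $rawPubid): array
{
    // 1. Allow-list validation: anything that is not a positive integer is
    //    rejected before it gets near the SQL layer.
    $pubid = filter_var($rawPubid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($pubid === false) {
        return [400, []];
    }
    try {
        // 2. Bound parameter: the value travels separately from the SQL text,
        //    so it cannot alter the query's structure, which is what boolean-
        //    and time-based blind injection depend on.
        $stmt = $db->prepare('SELECT title FROM books WHERE pubid = :pubid');
        $stmt->bindValue(':pubid', $pubid, PDO::PARAM_INT);
        $stmt->execute();
        return [200, $stmt->fetchAll(PDO::FETCH_COLUMN)];
    } catch (PDOException $e) {
        // 3. Log server-side and return a generic status: database error text
        //    never reaches the response, the channel error-based injection uses.
        error_log('bookPerPub query failed: ' . $e->getMessage());
        return [500, []];
    }
}

// Constructed inputs: one legitimate value and two tampered ones.
foreach (['1', '1 OR 1=1', "1'"] as $input) {
    [$status, $rows] = booksByPublisher($db, $input);
    printf("pubid=%-12s -> HTTP %d, %d row(s)\n", var_export($input, true), $status, count($rows));
}
```

The same pattern applies to every query in bookPerPub.php and cart.php that consumes request input, not only the one shown here.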
