| Title | Bookstore Management System (PHP & MySQL) V1.0 SQL Injection |
|---|---|
| Description | A critical SQL injection flaw was identified in the `/order_process.php` file of the Bookstore Management System PHP MySQL Project. Attackers can exploit the `fnm` parameter by injecting malicious SQL commands directly into database queries, bypassing required sanitization or validation. This allows unauthorized access to the underlying database, leading to: sensitive data theft; modification or deletion of critical information; escalation to full system compromise. No authentication is required to exploit this vulnerability, significantly elevating the risk. |
| Source | https://github.com/writeke/CVE/blob/main/BookstoreManagementSystemSQL.md |
| User | writerke (UID 79502) |
| Submission | 12/27/2024 03:24 AM (1 Year ago) |
| Moderation | 12/28/2024 09:37 AM (1 day later) |
| Status | Accepted |
| VulDB entry | 289663 [1000 Projects Bookstore Management System 1.0 /order_process.php fnm sql injection] |
| Points | 20 |