CVE-2020-36003 Information

Description

The id parameter in detail.php of Online Book Store v1.0 is vulnerable to union-based blind SQL injection which leads to the ability to retrieve all databases.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://www.sourcecodester.com/download-code?nid=14383&title=Online+Book+Store https://www.sourcecodester.com/php/14383/online-book-store.html https://github.com/TCSWT/Online-Book-Store/blob/main/Online-Book-Store.md

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5