Vulnerability Details CVE-2020-36112
CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.858
EPSS Ranking 99.4%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2020-36112
-
cpe:2.3:a:cse_bookstore_project:cse_bookstore:1.0