CVE-2022-2770 — SQL Injection in Simple Online Book Store System

CWE-89 — SQL Injection3 documents3 sources

Severity

9.8CRITICALNVD

CNA6.3

EPSS

0.3%

top 45.82%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Sourcecodester Simple Online Book Store System

Timeline

PublishedAug 11

Latest updateAug 12

Description

A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System. Affected is an unknown function of the file /obs/book.php. The manipulation of the argument bookisbn leads to sql injection. It is possible to launch the attack remotely. VDB-206166 is the identifier assigned to this vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages1 packages

▶CVEListV5sourcecodester/simple_online_book_store_systemn/a

🔴Vulnerability Details

GHSA

GHSA-p82j-f8v4-wg4c: A vulnerability, which was classified as critical, was found in SourceCodester Simple Online Book Store System↗2022-08-12

▶

CVEList

SourceCodester Simple Online Book Store System book.php sql injection↗2022-08-11

▶