cbcvebase.

Ordasoft Com Booklibrary vulnerabilities

4 known vulnerabilities affecting ordasoft/com_booklibrary.

Total CVEs
4
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH4

Vulnerabilities

Page 1 of 1
CVE-2009-2637P3HIGHCVSS 7.5PoCv1.5.2.42009-07-28
CVE-2009-2637 [HIGH] CWE-94 CVE-2009-2637: PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) comp PHP remote file inclusion vulnerability in toolbar_ext.php in the BookLibrary (com_booklibrary) component 1.5.2.4 Basic for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.
nvd
CVE-2009-3817P3HIGHCVSS 7.5PoCv1.02009-10-28
CVE-2009-3817 [HIGH] CVE-2009-3817: PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) PHP remote file inclusion vulnerability in doc/releasenote.php in the BookLibrary (com_booklibrary) component 1.0 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter, a different vector than CVE-2009-2637. NOTE: the provenance of this information is unknown; the details are obtained solely from thi
nvd
CVE-2010-1522P3HIGHCVSS 7.5v1.5.32010-07-02
CVE-2010-1522 [HIGH] CWE-89 CVE-2010-1522: Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 be Multiple SQL injection vulnerabilities in the BookLibrary Basic (com_booklibrary) component 1.5.3 before 1.5.3_2010_06_20 for Joomla! allow remote attackers to execute arbitrary SQL commands via the bid[] parameter in a (1) lend_request or (2) save_lend_request action to index.php, the id parameter in a (3) mdownload or (4) downitsf action to index.php,
nvd
CVE-2010-2851P3HIGHCVSS 7.5v1.52010-07-25
CVE-2010-2851 [HIGH] CWE-89 CVE-2010-2851: SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and pos SQL injection vulnerability in the BookLibrary From Same Author (com_booklibrary) module 1.5 and possibly earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
nvd
Ordasoft Com Booklibrary vulnerabilities | cvebase