Description

A vulnerability was found in itsourcecode Online Bookstore 1.0. It has been declared as critical. It affects an unknown functionality of the file bookPerPub.php. Manipulation of the argument pubid leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-268459.

Classification

Assigner: [email protected]

CWE: CWE-89

CPEs
  • itsourcecode online_bookstore 1.0

CVSS

CVSS version: 3.1
Base score: 6.3
Base severity: MEDIUM
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability score: 2.8
Impact score: 3.4

Can you explain the CVE description?

This CVE description covers the vulnerability identified as CVE-2024-5983 in itsourcecode Online Bookstore 1.0. The vulnerability is considered critical because it allows SQL injection through manipulation of the pubid argument in the file bookPerPub.php. It can be exploited remotely, and the exploit has been disclosed publicly. The CVSS score is 6.3, indicating medium severity. The associated CWE is CWE-89. The vulnerability was published on June 14, 2024, and its status is listed as EARLY_WARNING. Various resources and links related to this vulnerability are provided in the description.

How can this vulnerability be part of an attack tree?

In an attack tree, this vulnerability is a node in which the attacker uses the SQL injection in the file bookPerPub.php to extract sensitive information from the database of itsourcecode Online Bookstore 1.0. An attacker could exploit it remotely by manipulating the pubid argument to execute malicious SQL queries. Successful exploitation could give unauthorized access to sensitive data stored in the database, such as user credentials, payment information, or other confidential data. That information could then be used for further attacks such as identity theft, financial fraud, or unauthorized access to other systems and services. The vulnerability therefore poses a significant threat to the security and integrity of the Online Bookstore application and its users, making it a critical component in an attack tree aimed at compromising the system and its data.


Generated on: 2024-07-01