CVE-2024-2271 | keerti1924 Online-Book-Store-Website 1.0 HTTP POST Request /shop.php product_name sql injection

A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument product_name leads to sql injection.

This vulnerability is uniquely identified as CVE-2024-2271. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2024-2271 | keerti1924 Online-Book-Store-Website 1.0 HTTP POST Request /shop.php product_name sql injection

Post correlati

CVE-2024-46280 | PIX-LINK LV-WR22 RE3002-P1-01_V117.0 Telnet Service weak password

CVE-2024-10332 | Impronta Janto 4.3r11 main.php cross site scripting

CVE-2024-6883 | Event Espresso 4 Decaf Plugin up to 5.0.22.decaf on WordPress Setting authorization

CVE-2024-41965 | vim up to 9.1.0647 File Name dialog_changed use after free (GHSA-46pw-v7qw-xc2f / b29f4abcd4b3382fa746edd1d0562b7b48c)