CVE-2020-36112

CRITICAL EXPLOITED NUCLEI

Cse Bookstore - SQL Injection

Title source: rule

Description

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.

Exploits (1)

exploitdb WORKING POC

by Musyoka Ian · textwebappsphp

https://www.exploit-db.com/exploits/49314

View Code ZIP pw:eip

Nuclei Templates (1)

CSE Bookstore 1.0 - SQL Injection

CRITICALby geeknik

References (1)

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49314

Scores

CVSS v3 9.8

EPSS 0.8949

EPSS Percentile 99.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

VulnCheck KEV 2023-12-21

CWE

CWE-89

Status published

Products (1)

cse_bookstore_project/cse_bookstore 1.0

Published Jan 04, 2021

Tracked Since Feb 18, 2026