CVE-2020-36112

CVE-2020-36112 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including Musyoka Ian. A Nuclei detection template is also available.

AI-analyzed exploit summary The exploit demonstrates SQL injection vulnerabilities in CSE Bookstore 1.0, specifically in the `pubid` parameter of `bookPerPub.php`, the `bookisbn` parameter in `cart.php`, and `book.php`. It includes payloads for boolean-based blind, error-based, and time-based blind SQL injection.

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.