CVE-2024-13002 MEDIUM

CVE-2024-13002: 1000 Projects Bookstore Management System order_process.php sql injection

Vendor 1000 Projects
Product Bookstore Management System
Weakness CWE-89 · SQLi
Published December 29, 2024
Last update December 31, 2024
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /order_process.php. The manipulation of the argument fnm leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Key dates

02Disclosure timeline

December 29, 2024 CVE published
December 31, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2021-24392 WordPress Membership SwiftCloud.io <= 1.0 - Authenticated SQL Injection CVE-2025-6850 code-projects Simple Forum forum1.php sql injection CVE-2025-3176 Project Worlds Online Lawyer Management System single_lawyer.php sql injection CVE-2024-5756 Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.23 - Unauthenticated SQL Injection via optin CVE-2025-39389 WordPress AnalyticsWP <= 2.1.2 - SQL Injection Vulnerability