CVE-2024-6013 MEDIUM

CVE-2024-6013: itsourcecode Online Book Store admin_delete.php sql injection

Vendor Itsourcecode

Product Online Book Store

Weakness CWE-89 · SQLi

Published June 15, 2024

Last update August 1, 2024

View on NVD All CVEs

CVSS base score

5.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in itsourcecode Online Book Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin_delete.php. The manipulation of the argument bookisbn leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-268721 was assigned to this vulnerability.

Key dates

02Disclosure timeline

June 15, 2024 CVE published

August 1, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-6013 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-5631 code-projects/anirbandutta9 Content Management System/News-Buzz publicposts.php sql injection CVE-2025-52820 WordPress WooCommerce Point Of Sale (POS) <= 1.4 - SQL Injection Vulnerability CVE-2026-0603 Org.hibernate/hibernate-core: hibernate: information disclosure and data deletion via second-order sql injection CVE-2024-55990 WordPress Mollie for Contact Form 7 plugin <= 5.0.0 - SQL Injection vulnerability CVE-2014-125061 peel filebroker common.rb select_transfer_status_desc sql injection