CVE-2025-9700 MEDIUM

CVE-2025-9700: SourceCodester Online Book Store publisher_list.php sql injection

Vendor Sourcecodester

Product Online Book Store

Weakness CWE-89 · SQLi

Published August 30, 2025

Last update September 2, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A flaw has been found in SourceCodester Online Book Store 1.0. This issue affects some unknown processing of the file /publisher_list.php. This manipulation of the argument pubid causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may be used.

Key dates

02Disclosure timeline

August 30, 2025 CVE published

September 2, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-9700 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/89.html

Related vulnerabilities

04Related CVE

CVE-2025-5403 chaitak-gorai Blogbook GET Parameter view_all_posts.php sql injection CVE-2025-9771 SourceCodester Eye Clinic Management System search_index_Diagnosis.php sql injection CVE-2025-8229 Campcodes Courier Management System parcel_list.php sql injection CVE-2024-2876 Icegram Express - Email Subscribers, Newsletters and Marketing Automation Plugin <= 5.7.14 - Unauthenticated SQL Injection CVE-2025-1173 1000 Projects Bookstore Management System process_users_del.php sql injection