CVE-2024-6008: itsourcecode Online Book Store edit_book.php sql injection
First published: Sat Jun 15 2024(Updated: )
A vulnerability, which was classified as critical, was found in itsourcecode Online Book Store up to 1.0. Affected is an unknown function of the file /edit_book.php. The manipulation of the argument image leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-268698 is the identifier assigned to this vulnerability.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| itsourcecode Online Bookstore | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2024-6008?
CVE-2024-6008 is classified as a critical vulnerability.
How do I fix CVE-2024-6008?
To fix CVE-2024-6008, sanitize and validate the input parameters in the /edit_book.php file to prevent SQL injection.
What type of vulnerability is CVE-2024-6008?
CVE-2024-6008 is an SQL injection vulnerability.
Can CVE-2024-6008 be exploited remotely?
Yes, CVE-2024-6008 can be exploited remotely.
Which software is affected by CVE-2024-6008?
CVE-2024-6008 affects isourcecode Online Book Store version 1.0.
- agent/weakness
- agent/title
- agent/references
- agent/first-publish-date
- agent/description
- agent/type
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/softwarecombine
- agent/event
- collector/epss-latest
- source/FIRST
- agent/epss
- agent/source
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/isourcecode
- canonical/itsourcecode online bookstore
- version/itsourcecode online bookstore/1.0