CVE-2025-0296: code-projects Online Book Shop booklist.php sql injection
First published: Tue Jan 07 2025(Updated: )
A vulnerability was found in code-projects Online Book Shop 1.0. It has been classified as critical. This affects an unknown part of the file /booklist.php. The manipulation of the argument subcatid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Credit: cna@vuldb.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| code-projects Online Book Shop | ||
| code-projects Online Book Shop | =1.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-0296?
CVE-2025-0296 has been classified as critical due to its potential for remote SQL injection.
How do I fix CVE-2025-0296?
To fix CVE-2025-0296, sanitize user input in the subcatid argument and implement prepared statements in the SQL queries.
What software is affected by CVE-2025-0296?
CVE-2025-0296 affects the code-projects Online Book Shop version 1.0.
Can CVE-2025-0296 be exploited remotely?
Yes, CVE-2025-0296 can be exploited remotely by manipulating the subcatid parameter.
What impact does CVE-2025-0296 have on the system?
CVE-2025-0296 allows attackers to execute arbitrary SQL queries, which could compromise the database security.
- agent/weakness
- agent/title
- agent/references
- agent/description
- agent/type
- agent/first-publish-date
- agent/author
- collector/mitre-cve
- source/MITRE
- agent/source
- agent/guess-ai
- agent/software-canonical-lookup
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/nvd-api
- source/NVD
- agent/last-modified-date
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/event
- vendor/code-projects
- canonical/code-projects online book shop
- version/code-projects online book shop/1.0