CVE-2020-36112 Scanner

Detects the 'SQL Injection (SQLi)' vulnerability in CSE Bookstore; affects v. 1.0.

Short Info

Level: Critical
Single Scan
Can be used by: Asset Owner
Estimated Time: 15 seconds
Time Interval: 30 days
Scan only one: Domain, IPv4, Subdomain
Toolbox: -

CSE Bookstore is an e-commerce platform developed for Computer Science and Engineering students, teachers and professionals who are looking for books and digital assets related to their field. The web application provides a user-friendly interface with a wide range of categories, authors, publishers and languages. Customers can browse, search and purchase books, as well as add them to their cart and check out securely.

However, CSE Bookstore version 1.0 has a serious vulnerability identified as CVE-2020-36112. The flaw stems from a lack of proper input validation of the pubid parameter in the bookPerPub.php and cart.php pages. It is exploitable through time-based blind, boolean-based blind and OR error-based SQL injection, which allows a malicious attacker to execute arbitrary SQL queries against the application's database.
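To make the described weakness concrete, the following is an added PHP illustration, not the CSE Bookstore source: a hypothetical handler for the pubid parameter written first with string concatenation and then hardened with integer validation and a bound parameter (the table, column names and function names are assumptions).

```php
<?php
// Added illustration, not the CSE Bookstore source. The `books` table, its
// columns and the two handler functions are assumptions for the demo.

// Unsafe shape: the raw request value is spliced into the SQL text, so any
// value that is not a plain integer can change the structure of the query.
function booksByPublisherUnsafe(PDO $db, string $pubid): array
{
    $sql = "SELECT id, title, price FROM books WHERE pubid = '" . $pubid . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened shape: reject anything that is not a positive integer before the
// value reaches the database, then bind it as a typed parameter so the SQL
// engine never parses it as part of the statement.
function booksByPublisher(PDO $db, $rawPubid): array
{
    $pubid = filter_var($rawPubid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($pubid === false) {
        http_response_code(400);
        throw new InvalidArgumentException('pubid must be a positive integer');
    }
    $stmt = $db->prepare('SELECT id, title, price FROM books WHERE pubid = :pubid');
    $stmt->bindValue(':pubid', $pubid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Self-contained demo against an in-memory SQLite database with constructed rows.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT, price REAL, pubid INTEGER)');
$db->exec("INSERT INTO books (title, price, pubid) VALUES ('Algorithms', 49.0, 1), ('Compilers', 59.0, 2)");

// A well-formed request value returns only that publisher's rows.
print_r(booksByPublisher($db, $_GET['pubid'] ?? '1'));

// A value carrying SQL syntax is rejected by validation, never reaching the query.
try {
    booksByPublisher($db, '1 OR 1=1');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

Run with the pdo_sqlite extension enabled; the same validate-then-bind pattern applies to cart.php wherever pubid is read.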

If an attacker successfully exploits this vulnerability, they can gain unauthorized access to sensitive information such as customer details, sales transactions and other stored data. This can lead to further malicious activity such as database manipulation, data leakage, identity theft and financial fraud.

In conclusion, the CSE Bookstore is an invaluable tool for computer science and engineering individuals, but this vulnerability presents a major threat to its security. Fortunately, security services such as s4e.io can help individuals understand and manage potential vulnerabilities before they even become an issue. By staying vigilant and taking proactive measures, users can ensure the safety of their digital assets and continue to enjoy the benefits of the CSE Bookstore without fear of exploitation.
