book_store_management_system_project 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
一般的な弱点パターンには vendor risk cross-site scripting、vendor risk input validation, and パス処理の欠陥 があり、vendor surface software deployment の利用場面で vendor impact session compromise、vendor impact unexpected behavior, and ファイル上書き などのリスクが生じる可能性があります。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-49543 | Incorrect access control in Book Store Management System v1 allows attackers to access unauthorized pages and execute administrative functions without authenticating. | [email protected] | 9.8 | 0.96% | 2024-03-01 | 2026-06-17 |
| CVE-2023-23024 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the writer parameter. | [email protected] | 6.1 | 0.42% | 2023-01-20 | 2026-06-17 |
| CVE-2022-45613 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the publisher parameter. | [email protected] | 5.4 | 0.46% | 2023-01-18 | 2026-06-17 |
| CVE-2022-45217 | A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Level parameter under the Add New System User module. | [email protected] | 5.4 | 0.55% | 2022-12-07 | 2026-06-17 |
| CVE-2022-45215 | A cross-site scripting (XSS) vulnerability in Book Store Management System v1.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter under the Add New System User module. | [email protected] | 5.4 | 0.38% | 2022-12-02 | 2026-06-17 |
| CVE-2022-4229 | A vulnerability classified as critical was found in SourceCodester Book Store Management System 1.0. This vulnerability affects unknown code of the file /bsms_ci/index.php. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-214588. | [email protected] | 7.3 | 0.90% | 2022-11-30 | 2026-06-17 |
| CVE-2022-4228 | A vulnerability classified as problematic has been found in SourceCodester Book Store Management System 1.0. This affects an unknown part of the file /bsms_ci/index.php/user/edit_user/. The manipulation of the argument password leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-214587. | [email protected] | 5.3 | 1.21% | 2022-11-30 | 2026-06-17 |
| CVE-2022-44097 | Book Store Management System v1.0 was discovered to contain hardcoded credentials which allows attackers to escalate privileges and access the admin panel. | [email protected] | 9.8 | 0.76% | 2022-11-30 | 2026-06-17 |
| CVE-2022-45225 | Book Store Management System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in /bsms_ci/index.php/book. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the book_title parameter. | [email protected] | 6.1 | 0.48% | 2022-11-25 | 2026-06-17 |
| CVE-2022-3453 | A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /transcation.php. The manipulation of the argument buyer_name leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-210437 was assigned to this vulnerability. | [email protected] | 3.5 | 0.35% | 2022-10-11 | 2026-06-17 |
| CVE-2022-3452 | A vulnerability was found in SourceCodester Book Store Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /category.php. The manipulation of the argument category_name leads to cross site scripting. The attack can be initiated remotely. The identifier of this vulnerability is VDB-210436. | [email protected] | 3.5 | 0.39% | 2022-10-11 | 2026-06-17 |