CVE-2019-1010034

Published: Jul 15, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Deepwoods Software WebLibrarian 3.5.2 and earlier is affected by: SQL Injection. The impact is: Exposing the entire database. The component is: Function "AllBarCodes" (defined at database_code.php line 1018) is vulnerable to a boolean-based blind sql injection. This function call can be triggered by any user logged-in with at least Volunteer role or manage_circulation capabilities. PoC : /wordpress/wp-admin/admin.php?page=weblib-circulation-desk&orderby=title&order=DESC.

Vendor	Product	Versions
Deepwoods Software	WebLibrarian	affected `≤ 3.5.2`

References

https://plugins.trac.wordpress.org/browser/weblibrarian/trunk/includes/database_code.php

x_refsource_MISC

https://wpvulndb.com/vulnerabilities/9553

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2019-1010034

Description

Affected Products

References