Search criteria
2 vulnerabilities by iJason-Liu
CVE-2026-1445 (GCVE-0-2026-1445)
Vulnerability from cvelistv5 – Published: 2026-01-26 22:02 – Updated: 2026-01-26 22:02
VLAI?
Title
iJason-Liu Books_Manager upload_bookCover.php unrestricted upload
Summary
A vulnerability was found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This vulnerability affects unknown code of the file controllers/books_center/upload_bookCover.php. Performing a manipulation of the argument book_cover results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| iJason-Liu | Books_Manager |
Affected:
298ba736387ca37810466349af13a0fdf828e99c
|
Credits
y1fan (VulDB User)
{
"containers": {
"cna": {
"affected": [
{
"product": "Books_Manager",
"vendor": "iJason-Liu",
"versions": [
{
"status": "affected",
"version": "298ba736387ca37810466349af13a0fdf828e99c"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "y1fan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This vulnerability affects unknown code of the file controllers/books_center/upload_bookCover.php. Performing a manipulation of the argument book_cover results in unrestricted upload. The attack may be initiated remotely. The exploit has been made public and could be used. This product uses a rolling release model to deliver continuous updates. As a result, specific version information for affected or updated releases is not available."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.8,
"vectorString": "AV:N/AC:L/Au:M/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T22:02:05.762Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-342874 | iJason-Liu Books_Manager upload_bookCover.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.342874"
},
{
"name": "VDB-342874 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.342874"
},
{
"name": "Submit #736971 | https://github.com/iJason-Liu/Books_Manager Books_Manager 1.0 File Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.736971"
},
{
"tags": [
"exploit"
],
"url": "https://blog.y1fan.work/2026/01/13/%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0getshell/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-26T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-26T16:03:18.000Z",
"value": "VulDB entry last update"
}
],
"title": "iJason-Liu Books_Manager upload_bookCover.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-1445",
"datePublished": "2026-01-26T22:02:05.762Z",
"dateReserved": "2026-01-26T14:58:05.933Z",
"dateUpdated": "2026-01-26T22:02:05.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-1444 (GCVE-0-2026-1444)
Vulnerability from cvelistv5 – Published: 2026-01-26 21:32 – Updated: 2026-01-26 21:32
VLAI?
Title
iJason-Liu Books_Manager add_book_check.php cross site scripting
Summary
A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/books_center/add_book_check.php. Such manipulation of the argument mark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
Severity ?
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| iJason-Liu | Books_Manager |
Affected:
298ba736387ca37810466349af13a0fdf828e99c
|
Credits
y1fan (VulDB User)
{
"containers": {
"cna": {
"affected": [
{
"product": "Books_Manager",
"vendor": "iJason-Liu",
"versions": [
{
"status": "affected",
"version": "298ba736387ca37810466349af13a0fdf828e99c"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "y1fan (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in iJason-Liu Books_Manager up to 298ba736387ca37810466349af13a0fdf828e99c. This affects an unknown part of the file controllers/books_center/add_book_check.php. Such manipulation of the argument mark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases are unavailable."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 2.4,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:L/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 3.3,
"vectorString": "AV:N/AC:L/Au:M/C:N/I:P/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-26T21:32:05.930Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-342873 | iJason-Liu Books_Manager add_book_check.php cross site scripting",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.342873"
},
{
"name": "VDB-342873 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.342873"
},
{
"name": "Submit #736968 | https://github.com/iJason-Liu/Books_Manager Books_Manager 1.0 Stored XSS",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.736968"
},
{
"tags": [
"exploit"
],
"url": "https://blog.y1fan.work/2026/01/13/%E5%AD%98%E5%82%A8%E5%9E%8Bxss/"
}
],
"timeline": [
{
"lang": "en",
"time": "2026-01-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2026-01-26T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2026-01-26T16:02:09.000Z",
"value": "VulDB entry last update"
}
],
"title": "iJason-Liu Books_Manager add_book_check.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2026-1444",
"datePublished": "2026-01-26T21:32:05.930Z",
"dateReserved": "2026-01-26T14:53:34.103Z",
"dateUpdated": "2026-01-26T21:32:05.930Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}