VDB
CVE-2023-4848
CVE-2023-4848
PUBLISHED
CVSS 6.300000190734863 MEDIUM
A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability.
EPSS 0.04% · 14.4th percentile
Risk Scores
CVSS 3.1
6.300000190734863
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS Score
0.04%
14.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| simple_book_catalog_app_project | simple_book_catalog_app | 1.0, 1.0 |
| simple_book_catalog_app_project | simple_book_catalog_app | 1.0, 1.0 |
| SourceCodester | Simple Book Catalog App | 1.0, 1.0 |
Exploit Intelligence
Timeline
- Sep 9, 2023 CVE Published
- Sep 10, 2023 EPSS Score
- Oct 12, 2023 EPSS Score
- Nov 14, 2023 EPSS Score
- Dec 16, 2023 EPSS Score
- Jan 18, 2024 EPSS Score
- Feb 19, 2024 EPSS Score
- Mar 23, 2024 EPSS Score
- Apr 24, 2024 EPSS Score
- May 27, 2024 EPSS Score
- Jun 28, 2024 EPSS Score
- Jul 31, 2024 EPSS Score
References
- https://vuldb.com/?id.239257 vdb
- https://vuldb.com/?ctiid.239257 url
- https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/ exploit
- https://nvd.nist.gov/vuln/detail/CVE-2023-4848 advisory
- https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities url