{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-4848", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2023-09-08T15:37:17.028Z", "datePublished": "2023-09-09T10:00:06.817Z", "dateUpdated": "2024-09-26T14:53:56.089Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-24T15:58:43.788Z"}, "title": "SourceCodester Simple Book Catalog App delete_book.php sql injection", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-89", "lang": "en", "description": "CWE-89 SQL Injection"}]}], "affected": [{"vendor": "SourceCodester", "product": "Simple Book Catalog App", "versions": [{"version": "1.0", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability."}, {"lang": "de", "value": "In SourceCodester Simple Book Catalog App 1.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei delete_book.php. Durch das Manipulieren des Arguments delete mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "timeline": [{"time": "2023-09-08T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2023-09-08T00:00:00.000Z", "lang": "en", "value": "CVE reserved"}, {"time": "2023-09-08T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2023-10-04T12:45:37.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "gikaku (VulDB User)", "type": "analyst"}], "references": [{"url": "https://vuldb.com/?id.239257", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.239257", "tags": ["signature", "permissions-required"]}, {"url": "https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/", "tags": ["exploit"]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.905Z"}, "title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.239257", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.239257", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/", "tags": ["exploit", "x_transferred"]}]}, {"affected": [{"vendor": "simple_book_catalog_app_project", "product": "simple_book_catalog_app", "cpes": ["cpe:2.3:a:simple_book_catalog_app_project:simple_book_catalog_app:1.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.0", "status": "affected"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-26T14:50:56.358850Z", "id": "CVE-2023-4848", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T14:53:56.089Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://vuldb.com/?id.239257", "tags": ["vdb-entry", "technical-description", "x_transferred"]}, {"url": "https://vuldb.com/?ctiid.239257", "tags": ["signature", "permissions-required", "x_transferred"]}, {"url": "https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/", "tags": ["exploit", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T07:38:00.905Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-4848", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-09-26T14:50:56.358850Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:simple_book_catalog_app_project:simple_book_catalog_app:1.0:*:*:*:*:*:*:*"], "vendor": "simple_book_catalog_app_project", "product": "simple_book_catalog_app", "versions": [{"status": "affected", "version": "1.0"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-26T14:52:59.851Z"}}], "cna": {"title": "SourceCodester Simple Book Catalog App delete_book.php sql injection", "credits": [{"lang": "en", "type": "analyst", "value": "gikaku (VulDB User)"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}], "affected": [{"vendor": "SourceCodester", "product": "Simple Book Catalog App", "versions": [{"status": "affected", "version": "1.0"}]}], "timeline": [{"lang": "en", "time": "2023-09-08T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2023-09-08T00:00:00.000Z", "value": "CVE reserved"}, {"lang": "en", "time": "2023-09-08T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2023-10-04T12:45:37.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.239257", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.239257", "tags": ["signature", "permissions-required"]}, {"url": "https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability."}, {"lang": "de", "value": "In SourceCodester Simple Book Catalog App 1.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei delete_book.php. Durch das Manipulieren des Arguments delete mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-89", "description": "CWE-89 SQL Injection"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2023-10-24T15:58:43.788Z"}}}, "cveMetadata": {"cveId": "CVE-2023-4848", "state": "PUBLISHED", "dateUpdated": "2024-09-26T14:53:56.089Z", "dateReserved": "2023-09-08T15:37:17.028Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2023-09-09T10:00:06.817Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:simple_book_catalog_app_project:simple_book_catalog_app:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "D6C39FCA-91C9-4086-B1CB-5DA4E70D49CE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in SourceCodester Simple Book Catalog App 1.0. Affected by this vulnerability is an unknown functionality of the file delete_book.php. The manipulation of the argument delete leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-239257 was assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad clasificada como cr\u00edtica en SourceCodester Simple Book Catalog App 1.0. Esta vulnerabilidad afecta a una funcionalidad desconocida del archivo delete_book.php. La manipulaci\u00f3n de la eliminaci\u00f3n del argumento conduce a la inyecci\u00f3n sql. El ataque se puede lanzar de forma remota. El exploit ha sido divulgado al p\u00fablico y puede ser utilizado. El identificador VDB-239257 se asign\u00f3 a esta vulnerabilidad."}], "id": "CVE-2023-4848", "lastModified": "2024-05-17T02:31:49.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2023-09-09T10:15:07.287", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://skypoc.wordpress.com/2023/09/04/sourcecodester-simple-book-catalog-app-v1-0-has-multiple-vulnerabilities/"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?ctiid.239257"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://vuldb.com/?id.239257"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{}