2 matches found
CVE-2023-4847
CVE-2023-4847 affects SourceCodester Simple Book Catalog App v1.0, specifically the Update Book Form. An unknown function within this form lets an attacker manipulate the book_title or book_author parameters, causing cross-site scripting. The vulnerability is remote-exploitable and has public exp...
CVE-2023-4848
The CVE-2023-4848 entry concerns SourceCodester Simple Book Catalog App 1.0. Affected component: delete_book.php where manipulating the delete parameter triggers an SQL injection. Root cause is insecure handling of user-supplied input in the delete functionality, enabling remote exploitation. Pub...