CVE-2023-43739

Summary

The 'bookisbn' parameter of the cart.php resource

does not validate the characters received and they

are sent unfiltered to the database.

Affected Software

VendorProductVersion RangeStatus
Online Book Store ProjectOnline Book Store Project1.0affected

Weaknesses

  • CWE-89: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: total

References