SQL Injection Vulnerability in Sourcecodester Best Courier Management System
CVE-2023-46006

9.8CRITICAL

Key Information:

Vendor: Mayurik
Status: Best Courier Management System
Vendor: CVE Published:; 18 October 2023

What is CVE-2023-46006?

The Sourcecodester Best Courier Management System 1.0 contains a vulnerability that allows an SQL Injection attack through the 'id' parameter in '/edit_user.php'. This flaw could enable an attacker to manipulate database queries, potentially leading to unauthorized data access and alterations. Organizations using this application should take immediate steps to secure their systems against such exploits.

References

https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 18, 2023
Vulnerability Reserved
Oct 16, 2023

Mayurik

What is CVE-2023-46006?

References

CVSS V3.1

Timeline