SourceCodester Best Courier Management System GET Parameter parcel_list.php sql injection
CVE-2023-5269

8.8HIGH

Key Information:

Vendor
Sourcecodester
Status
Best Courier Management System
Vendor
CVE Published:
29 September 2023

Summary

A SQL injection vulnerability has been identified in SourceCodester's Best Courier Management System version 1.0. This issue lies within the GET Parameter Handler, specifically the 's' argument in the file parcel_list.php. Manipulation of this parameter can allow attackers to execute arbitrary SQL queries, leading to unauthorized data access and potential data compromise. The vulnerability has been publicly disclosed, and users are encouraged to apply necessary security measures to safeguard their systems.

Affected Version(s)

Best Courier Management System 1.0

References

https://vuldb.com/?id.240882
vdb-entrytechnical-description
https://vuldb.com/?ctiid.240882
signaturepermissions-required
https://github.com/E1CHO/cve_hub/blob/main/Best%20courier...
exploit

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)
.