All the vulnerabilites related to SourceCodester - Best Courier Management System
cve-2024-4945
Vulnerability from cvelistv5
Published
2024-05-16 05:00
Modified
2024-08-01 20:55
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
4.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS score ?
Summary
SourceCodester Best Courier Management System view_parcel.php unrestricted upload
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.264480 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.264480 | signature, permissions-required | |
| https://vuldb.com/?submit.333960 | third-party-advisory | |
| https://github.com/CveSecLook/cve/issues/28 | exploit, issue-tracking |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SourceCodester | Best Courier Management System |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4945",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-05-16T14:57:09.525902Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:32.395Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.344Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "VDB-264480 | SourceCodester Best Courier Management System view_parcel.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.264480"
},
{
"name": "VDB-264480 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.264480"
},
{
"name": "Submit #333960 | SourceCodester Best courier management system project in php V1.0 Unrestricted Upload",
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vuldb.com/?submit.333960"
},
{
"tags": [
"exploit",
"issue-tracking",
"x_transferred"
],
"url": "https://github.com/CveSecLook/cve/issues/28"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Best Courier Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "zebra11 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-264480."
},
{
"lang": "de",
"value": "Es wurde eine problematische Schwachstelle in SourceCodester Best Courier Management System 1.0 ausgemacht. Es betrifft eine unbekannte Funktion der Datei view_parcel.php. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "CWE-434 Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-05-16T05:00:05.656Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-264480 | SourceCodester Best Courier Management System view_parcel.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.264480"
},
{
"name": "VDB-264480 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.264480"
},
{
"name": "Submit #333960 | SourceCodester Best courier management system project in php V1.0 Unrestricted Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.333960"
},
{
"tags": [
"exploit",
"issue-tracking"
],
"url": "https://github.com/CveSecLook/cve/issues/28"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-05-15T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2024-05-15T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2024-05-15T17:09:33.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Best Courier Management System view_parcel.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2024-4945",
"datePublished": "2024-05-16T05:00:05.656Z",
"dateReserved": "2024-05-15T15:03:30.266Z",
"dateUpdated": "2024-08-01T20:55:10.344Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5302
Vulnerability from cvelistv5
Published
2023-09-30 12:00
Modified
2024-09-20 16:24
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
SourceCodester Best Courier Management System Manage Account Page cross site scripting
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.240941 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.240941 | signature, permissions-required | |
| https://github.com/rohit0x5/poc/blob/main/cve_2 | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SourceCodester | Best Courier Management System |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.526Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.240941"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.240941"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/rohit0x5/poc/blob/main/cve_2"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5302",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T16:23:55.680478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T16:24:16.672Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Manage Account Page"
],
"product": "Best Courier Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "rohit_12 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-240941 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in SourceCodester Best Courier Management System 1.0 entdeckt. Sie wurde als problematisch eingestuft. Es geht hierbei um eine nicht n\u00e4her spezifizierte Funktion der Komponente Manage Account Page. Durch Manipulieren des Arguments First Name mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-25T05:00:37.220Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.240941"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.240941"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/rohit0x5/poc/blob/main/cve_2"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-22T16:20:21.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Best Courier Management System Manage Account Page cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5302",
"datePublished": "2023-09-30T12:00:07.117Z",
"dateReserved": "2023-09-29T16:17:41.561Z",
"dateUpdated": "2024-09-20T16:24:16.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5271
Vulnerability from cvelistv5
Published
2023-09-29 16:00
Modified
2024-08-02 07:52
Severity ?
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
SourceCodester Best Courier Management System edit_parcel.php sql injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.240884 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.240884 | signature, permissions-required | |
| https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%203.pdf | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SourceCodester | Best Courier Management System |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:sourcecodester:best_courier_management_system:1.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "best_courier_management_system",
"vendor": "sourcecodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5271",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-05T20:14:42.835985Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-05T20:15:35.894Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.477Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.240884"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.240884"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%203.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Best Courier Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-240884."
},
{
"lang": "de",
"value": "Eine kritische Schwachstelle wurde in SourceCodester Best Courier Management System 1.0 ausgemacht. Hierbei geht es um eine nicht exakt ausgemachte Funktion der Datei edit_parcel.php. Mittels Manipulieren des Arguments email mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T21:21:58.748Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.240884"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.240884"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%203.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-22T09:52:27.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Best Courier Management System edit_parcel.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5271",
"datePublished": "2023-09-29T16:00:07.092Z",
"dateReserved": "2023-09-29T06:32:58.549Z",
"dateUpdated": "2024-08-02T07:52:08.477Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5270
Vulnerability from cvelistv5
Published
2023-09-29 16:00
Modified
2024-08-02 07:52
Severity ?
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
SourceCodester Best Courier Management System view_parcel.php sql injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.240883 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.240883 | signature, permissions-required | |
| https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%202.pdf | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SourceCodester | Best Courier Management System |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5270",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-09T15:38:29.376850Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-09T15:38:44.329Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.240883"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.240883"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%202.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Best Courier Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240883."
},
{
"lang": "de",
"value": "In SourceCodester Best Courier Management System 1.0 wurde eine kritische Schwachstelle ausgemacht. Dabei geht es um eine nicht genauer bekannte Funktion der Datei view_parcel.php. Mittels dem Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T19:57:15.614Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.240883"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.240883"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%202.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-22T09:42:59.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Best Courier Management System view_parcel.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5270",
"datePublished": "2023-09-29T16:00:05.812Z",
"dateReserved": "2023-09-29T06:32:50.141Z",
"dateUpdated": "2024-08-02T07:52:08.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6301
Vulnerability from cvelistv5
Published
2023-11-26 23:31
Modified
2024-08-02 08:28
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
SourceCodester Best Courier Management System GET Parameter parcel_list.php cross site scripting
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.246127 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.246127 | signature, permissions-required | |
| https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SourceCodester | Best Courier Management System |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.497Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.246127"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.246127"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"GET Parameter Handler"
],
"product": "Best Courier Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "fzh1613 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input \u003c/TiTlE\u003e\u003cScRiPt\u003ealert(1)\u003c/ScRiPt\u003e leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-246127."
},
{
"lang": "de",
"value": "In SourceCodester Best Courier Management System 1.0 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Datei parcel_list.php der Komponente GET Parameter Handler. Mit der Manipulation des Arguments id mit der Eingabe \u003c/TiTlE\u003e\u003cScRiPt\u003ealert(1)\u003c/ScRiPt\u003e mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T23:31:05.687Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.246127"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.246127"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-11-26T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-11-26T08:38:20.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Best Courier Management System GET Parameter parcel_list.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-6301",
"datePublished": "2023-11-26T23:31:05.687Z",
"dateReserved": "2023-11-26T07:33:10.402Z",
"dateUpdated": "2024-08-02T08:28:21.497Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6898
Vulnerability from cvelistv5
Published
2023-12-17 10:31
Modified
2025-05-07 20:40
Severity ?
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
SourceCodester Best Courier Management System manage_user.php sql injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.248256 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.248256 | signature, permissions-required | |
| https://github.com/Glunko/gaatitrack-courier-management-system_vulnerability/blob/main/sql_injection.md | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SourceCodester | Best Courier Management System |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:42:08.493Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.248256"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.248256"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/Glunko/gaatitrack-courier-management-system_vulnerability/blob/main/sql_injection.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6898",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-07T20:40:35.373091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-05-07T20:40:47.778Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Best Courier Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "G1un (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Best Courier Management System 1.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei manage_user.php. Durch Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-17T10:31:04.117Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.248256"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.248256"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/Glunko/gaatitrack-courier-management-system_vulnerability/blob/main/sql_injection.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-12-16T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-12-16T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-12-16T20:37:29.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Best Courier Management System manage_user.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-6898",
"datePublished": "2023-12-17T10:31:04.117Z",
"dateReserved": "2023-12-16T19:32:09.370Z",
"dateUpdated": "2025-05-07T20:40:47.778Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6300
Vulnerability from cvelistv5
Published
2023-11-26 23:31
Modified
2024-10-10 20:33
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
SourceCodester Best Courier Management System cross site scripting
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.246126 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.246126 | signature, permissions-required | |
| https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system%20-%20reflected%20xss.md | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SourceCodester | Best Courier Management System |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.313Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.246126"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.246126"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system%20-%20reflected%20xss.md"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6300",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2023-11-28T20:07:58.571347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-10T20:33:30.982Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Best Courier Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "fzh1613 (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input \u003c/TiTlE\u003e\u003cScRiPt\u003ealert(1)\u003c/ScRiPt\u003e leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246126 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Best Courier Management System 1.0 gefunden. Sie wurde als problematisch eingestuft. Hiervon betroffen ist ein unbekannter Codeblock. Dank Manipulation des Arguments page mit der Eingabe \u003c/TiTlE\u003e\u003cScRiPt\u003ealert(1)\u003c/ScRiPt\u003e mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-11-26T23:31:04.652Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.246126"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.246126"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system%20-%20reflected%20xss.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-11-26T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-11-26T01:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-11-26T08:38:14.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Best Courier Management System cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-6300",
"datePublished": "2023-11-26T23:31:04.652Z",
"dateReserved": "2023-11-26T07:33:08.455Z",
"dateUpdated": "2024-10-10T20:33:30.982Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5269
Vulnerability from cvelistv5
Published
2023-09-29 15:31
Modified
2025-03-06 14:25
Severity ?
5.1 (Medium) - CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
SourceCodester Best Courier Management System GET Parameter parcel_list.php sql injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.240882 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.240882 | signature, permissions-required | |
| https://vuldb.com/?submit.212108 | third-party-advisory | |
| https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%201.pdf | exploit | |
| https://www.sourcecodester.com/ | product |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SourceCodester | Best Courier Management System |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.441Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.240882"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.240882"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%201.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5269",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-20T16:55:22.525306Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-20T16:55:31.815Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"GET Parameter Handler"
],
"product": "Best Courier Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id/s leads to sql injection. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Es wurde eine kritische Schwachstelle in SourceCodester Best Courier Management System 1.0 ausgemacht. Es geht dabei um eine nicht klar definierte Funktion der Datei parcel_list.php der Komponente GET Parameter Handler. Durch Manipulation des Arguments id/s mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "SQL Injection",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T14:25:24.388Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-240882 | SourceCodester Best Courier Management System GET Parameter parcel_list.php sql injection",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.240882"
},
{
"name": "VDB-240882 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.240882"
},
{
"name": "Submit #212108 | SQL injection vulnerability exists in Best courier management system",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.212108"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%201.pdf"
},
{
"tags": [
"product"
],
"url": "https://www.sourcecodester.com/"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-03-06T15:30:19.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Best Courier Management System GET Parameter parcel_list.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5269",
"datePublished": "2023-09-29T15:31:05.343Z",
"dateReserved": "2023-09-29T06:32:44.643Z",
"dateUpdated": "2025-03-06T14:25:24.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5273
Vulnerability from cvelistv5
Published
2023-09-29 16:31
Modified
2024-08-02 07:52
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
SourceCodester Best Courier Management System manage_parcel_status.php cross site scripting
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.240886 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.240886 | signature, permissions-required | |
| https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%206.pdf | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SourceCodester | Best Courier Management System |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.240886"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.240886"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%206.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Best Courier Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-240886 is the identifier assigned to this vulnerability."
},
{
"lang": "de",
"value": "In SourceCodester Best Courier Management System 1.0 wurde eine Schwachstelle entdeckt. Sie wurde als problematisch eingestuft. Das betrifft eine unbekannte Funktionalit\u00e4t der Datei manage_parcel_status.php. Durch Manipulieren des Arguments id mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.5,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 4,
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Cross Site Scripting",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T21:24:25.352Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.240886"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.240886"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%206.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-22T10:06:03.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Best Courier Management System manage_parcel_status.php cross site scripting"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5273",
"datePublished": "2023-09-29T16:31:06.144Z",
"dateReserved": "2023-09-29T06:33:12.045Z",
"dateUpdated": "2024-08-02T07:52:08.636Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-5272
Vulnerability from cvelistv5
Published
2023-09-29 16:31
Modified
2024-08-02 07:52
Severity ?
5.5 (Medium) - CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.5 (Medium) - CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
SourceCodester Best Courier Management System GET Parameter edit_parcel.php sql injection
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.240885 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.240885 | signature, permissions-required | |
| https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%204.pdf | exploit |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SourceCodester | Best Courier Management System |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-5272",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T19:11:00.671064Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T19:11:07.911Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:52:08.540Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://vuldb.com/?id.240885"
},
{
"tags": [
"signature",
"permissions-required",
"x_transferred"
],
"url": "https://vuldb.com/?ctiid.240885"
},
{
"tags": [
"exploit",
"x_transferred"
],
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%204.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"modules": [
"GET Parameter Handler"
],
"product": "Best Courier Management System",
"vendor": "SourceCodester",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "analyst",
"value": "SSL_Seven_Security Lab_WangZhiQiang_XiaoZiLong (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-240885 was assigned to this vulnerability."
},
{
"lang": "de",
"value": "Es wurde eine Schwachstelle in SourceCodester Best Courier Management System 1.0 entdeckt. Sie wurde als kritisch eingestuft. Es betrifft eine unbekannte Funktion der Datei edit_parcel.php der Komponente GET Parameter Handler. Durch das Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 5.2,
"vectorString": "AV:A/AC:L/Au:S/C:P/I:P/A:P",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 SQL Injection",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-24T21:23:11.911Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.240885"
},
{
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.240885"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%204.pdf"
}
],
"timeline": [
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2023-09-29T00:00:00.000Z",
"value": "CVE reserved"
},
{
"lang": "en",
"time": "2023-09-29T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2023-10-22T09:59:45.000Z",
"value": "VulDB entry last update"
}
],
"title": "SourceCodester Best Courier Management System GET Parameter edit_parcel.php sql injection"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2023-5272",
"datePublished": "2023-09-29T16:31:04.970Z",
"dateReserved": "2023-09-29T06:33:04.861Z",
"dateUpdated": "2024-08-02T07:52:08.540Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}