CVE-2024-10608 – code-projects Courier Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2024-10608
A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be initiated remotely. • https://code-projects.org https://github.com/AXUyaku/cve/issues/1 https://vuldb.com/?ctiid.282617 https://vuldb.com/?id.282617 https://vuldb.com/?submit.434785 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10607 – code-projects Courier Management System track-result.php sql injection
https://notcve.org/view.php?id=CVE-2024-10607
A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. The attack can be initiated remotely. • https://code-projects.org https://github.com/yanhuoshanjin/cve/issues/1 https://vuldb.com/?ctiid.282616 https://vuldb.com/?id.282616 https://vuldb.com/?submit.434773 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-46974
https://notcve.org/view.php?id=CVE-2023-46974
Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. Vulnerabilidad de Cross Site Scripting en Best Courier Management System v.1.000 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el parámetro de página en la URL. • https://github.com/yte121/CVE-2023-46974 https://youtu.be/5oVfJHT_-Ys • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-48823 – GaatiTrack Courier Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-48823
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. Un problema de inyección de Blind SQL en ajax.php en GaatiTrack Courier Management System 1.0 permite que un atacante no autenticado inyecte un payload a través del parámetro de correo electrónico durante el inicio de sesión. GaatiTrack Courier Management System version 1.0 suffers from a remote SQL injection vulnerability. • http://packetstormsecurity.com/files/176030 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2023-48206 – GaatiTrack Courier Management System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48206
A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. Vulnerabilidad de Cross Site Scripting (XSS) en GaatiTrack Courier Management System 1.0 permite a un atacante remoto inyectar JavaScript a través del parámetro de página en login.php o header.php. GaatiTrack Courier Management System version 1.0 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/175803 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •