CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46974
https://notcve.org/view.php?id=CVE-2023-46974
Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. Vulnerabilidad de Cross Site Scripting en Best Courier Management System v.1.000 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el parámetro de página en la URL. • https://github.com/yte121/CVE-2023-46974 https://youtu.be/5oVfJHT_-Ys • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48823 – GaatiTrack Courier Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-48823
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. Un problema de inyección de Blind SQL en ajax.php en GaatiTrack Courier Management System 1.0 permite que un atacante no autenticado inyecte un payload a través del parámetro de correo electrónico durante el inicio de sesión. GaatiTrack Courier Management System version 1.0 suffers from a remote SQL injection vulnerability. • http://packetstormsecurity.com/files/176030 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48206 – GaatiTrack Courier Management System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48206
A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. Vulnerabilidad de Cross Site Scripting (XSS) en GaatiTrack Courier Management System 1.0 permite a un atacante remoto inyectar JavaScript a través del parámetro de página en login.php o header.php. GaatiTrack Courier Management System version 1.0 suffers from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/175803 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2021-46198
https://notcve.org/view.php?id=CVE-2021-46198
An SQL Injection vulnerability exists in Sourceodester Courier Management System 1.0 via the email parameter in /cms/ajax.php app. Se presenta una vulnerabilidad de inyección SQL en Sourceodester Courier Management System versión 1.0, por medio del parámetro email en el archivo /cms/ajax.php • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/oretnom23/2022/Courier-Management-System https://www.nu11secur1ty.com/2022/01/courier-management-system-10-sql.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35329
https://notcve.org/view.php?id=CVE-2020-35329
Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '. Courier Management System versión 1.0 1.0, está afectado por una inyección SQL por medio de "MULTIPART street" • https://www.exploit-db.com/exploits/49242 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •