CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46451
https://notcve.org/view.php?id=CVE-2023-46451
Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. Best Courier Management System v1.0 es vulnerable a Cross Site Scripting (XSS) en el campo de cambio de nombre de usuario. • https://github.com/sajaljat/CVE-2023-46451 https://youtu.be/f8B3_m5YfqI • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46004
https://notcve.org/view.php?id=CVE-2023-46004
Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. Sourcecodester Best Courier Management System 1.0 es vulnerable a la carga arbitraria de archivos en la función update_user. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/Arbitrary-File-Upload-Vulnerability.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46005
https://notcve.org/view.php?id=CVE-2023-46005
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. Sourcecodester Best Courier Management System 1.0 es vulnerable a la inyección SQL a través del parámetro id en /edit_branch.php. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46006
https://notcve.org/view.php?id=CVE-2023-46006
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. Sourcecodester Best Courier Management System 1.0 es vulnerable a la inyección SQL a través del parámetro id en /edit_user.php. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46007
https://notcve.org/view.php?id=CVE-2023-46007
Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php. Sourcecodester Best Courier Management System 1.0 es vulnerable a la inyección SQL a través del parámetro id en /edit_staff.php. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •