CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48823 – GaatiTrack Courier Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-48823
04 Dec 2023 — A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. Un problema de inyección de Blind SQL en ajax.php en GaatiTrack Courier Management System 1.0 permite que un atacante no autenticado inyecte un payload a través del parámetro de correo electrónico durante el inicio de sesión. GaatiTrack Courier Management System version 1.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/176030 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6306 – SourceCodester Free and Open Source Inventory Management System member_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-6306
27 Nov 2023 — A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6305 – SourceCodester Free and Open Source Inventory Management System suppliar_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-6305
27 Nov 2023 — A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file ample/app/ajax/suppliar_data.php. The manipulation of the argument columns leads to sql injection. The attack may be initiated remotely. • https://github.com/BigTiger2020/2023/blob/main/Free%20and%20Open%20Source%20inventory%20management%20system/Free%20and%20Open%20Source%20inventory%20management%20system.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6301 – SourceCodester Best Courier Management System GET Parameter parcel_list.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-6301
26 Nov 2023 — A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6300 – SourceCodester Best Courier Management System cross site scripting
https://notcve.org/view.php?id=CVE-2023-6300
26 Nov 2023 — A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system%20-%20reflected%20xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-48206 – GaatiTrack Courier Management System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2023-48206
20 Nov 2023 — A Cross Site Scripting (XSS) vulnerability in GaatiTrack Courier Management System 1.0 allows a remote attacker to inject JavaScript via the page parameter to login.php or header.php. Vulnerabilidad de Cross Site Scripting (XSS) en GaatiTrack Courier Management System 1.0 permite a un atacante remoto inyectar JavaScript a través del parámetro de página en login.php o header.php. GaatiTrack Courier Management System version 1.0 suffers from multiple cross site scripting vulnerabilities. • https://packetstorm.news/files/id/175803 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 3CVE-2023-46980
https://notcve.org/view.php?id=CVE-2023-46980
03 Nov 2023 — An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. Un problema en Best Courier Management System v.1.0 permite a un atacante remoto ejecutar código arbitrario y escalar privilegios a través de un script manipulado al parámetro ID de usuario. • https://github.com/sajaljat/CVE-2023-46980 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46451
https://notcve.org/view.php?id=CVE-2023-46451
31 Oct 2023 — Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. Best Courier Management System v1.0 es vulnerable a Cross Site Scripting (XSS) en el campo de cambio de nombre de usuario. • https://github.com/sajaljat/CVE-2023-46451 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 3CVE-2023-46449
https://notcve.org/view.php?id=CVE-2023-46449
26 Oct 2023 — Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and takeover the account via IDOR in the password change function. El sistema de gestión de inventario Gratuito y de Código Abierto Sourcecodester v1.0 es vulnerable a un control de acceso incorrecto. Un usuario arbitrario puede cambiar la contraseña de otro usuario y hacerse cargo de la cuenta a través de IDOR en la función de cambio de co... • https://github.com/sajaljat/CVE-2023-46449 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46450
https://notcve.org/view.php?id=CVE-2023-46450
26 Oct 2023 — Sourcecodester Free and Open Source inventory management system 1.0 is vulnerable to Cross Site Scripting (XSS) via the Add supplier function. El sistema de gestión de inventario Gratuito y de Código Abierto Sourcecodester v1.0 es vulnerable a Cross Site Scripting (XSS) a través de la función Agregar proveedor. • https://github.com/yte121/-CVE-2023-46450 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •