
CVE-2023-46004
https://notcve.org/view.php?id=CVE-2023-46004
18 Oct 2023 — Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/Arbitrary-File-Upload-Vulnerability.md • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2023-46005
https://notcve.org/view.php?id=CVE-2023-46005
18 Oct 2023 — Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-46006
https://notcve.org/view.php?id=CVE-2023-46006
18 Oct 2023 — Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-46007
https://notcve.org/view.php?id=CVE-2023-46007
18 Oct 2023 — Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-5302 – SourceCodester Best Courier Management System Manage Account Page cross site scripting
https://notcve.org/view.php?id=CVE-2023-5302
30 Sep 2023 — A vulnerability, which was classified as problematic, has been found in SourceCodester Best Courier Management System 1.0. This issue affects some unknown processing of the component Manage Account Page. The manipulation of the argument First Name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/rohit0x5/poc/blob/main/cve_2 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2023-4749 – SourceCodester Inventory Management System index.php file inclusion
https://notcve.org/view.php?id=CVE-2023-4749
04 Sep 2023 — A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. Affected is an unknown function of the file index.php. The manipulation of the argument page leads to file inclusion. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://skypoc.wordpress.com/2023/09/03/%e3%80%90code-audit%e3%80%91open-source-ample-inventory-management-system-v1-0-by-mayuri_k-has-a-file-inclusion-vulnerability • CWE-73: External Control of File Name or Path •

CVE-2023-4201 – SourceCodester Inventory Management System ex_catagory_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-4201
07 Aug 2023 — A vulnerability was found in SourceCodester Inventory Management System 1.0 and classified as critical. This issue affects some unknown processing of the file ex_catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Inventory-Management-System/blob/main/SQL%20Injection%20in%20ex_catagory_data.php/vuln.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-4200 – SourceCodester Inventory Management System product_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-4200
07 Aug 2023 — A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file product_data.php. The manipulation of the argument columns[1][data] leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Inventory-Management-System/blob/main/SQL%20Injection%20in%20product_data.php/vuln.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-4199 – SourceCodester Inventory Management System catagory_data.php sql injection
https://notcve.org/view.php?id=CVE-2023-4199
07 Aug 2023 — A vulnerability, which was classified as critical, was found in SourceCodester Inventory Management System 1.0. This affects an unknown part of the file catagory_data.php. The manipulation of the argument columns[1][data] leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/Yesec/Inventory-Management-System/blob/main/SQL%20Injection%20in%20catagory_data.php/vuln.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2023-4185 – SourceCodester Online Hospital Management System patientlogin.php sql injection
https://notcve.org/view.php?id=CVE-2023-4185
06 Aug 2023 — A vulnerability was found in SourceCodester Online Hospital Management System 1.0. It has been classified as critical. Affected is an unknown function of the file patientlogin.php. The manipulation of the argument loginid/password leads to sql injection. It is possible to launch the attack remotely. • https://github.com/Yusoyea/VulList/blob/main/Hospital%20Management%20System%20patientlogin.php%20has%20Sqlinjection.pdf • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •