CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-4945 – SourceCodester Best Courier Management System view_parcel.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-4945
16 May 2024 — A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file view_parcel.php. The manipulation of the argument id leads to unrestricted upload. It is possible to launch the attack remotely. • https://github.com/CveSecLook/cve/issues/28 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6898 – SourceCodester Best Courier Management System manage_user.php sql injection
https://notcve.org/view.php?id=CVE-2023-6898
17 Dec 2023 — A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function of the file manage_user.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-248256. • https://github.com/Glunko/gaatitrack-courier-management-system_vulnerability/blob/main/sql_injection.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6301 – SourceCodester Best Courier Management System GET Parameter parcel_list.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-6301
26 Nov 2023 — A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6300 – SourceCodester Best Courier Management System cross site scripting
https://notcve.org/view.php?id=CVE-2023-6300
26 Nov 2023 — A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system%20-%20reflected%20xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 7%CPEs: 1EXPL: 3CVE-2023-46980
https://notcve.org/view.php?id=CVE-2023-46980
03 Nov 2023 — An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. Un problema en Best Courier Management System v.1.0 permite a un atacante remoto ejecutar código arbitrario y escalar privilegios a través de un script manipulado al parámetro ID de usuario. • https://github.com/sajaljat/CVE-2023-46980 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46451
https://notcve.org/view.php?id=CVE-2023-46451
31 Oct 2023 — Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. Best Courier Management System v1.0 es vulnerable a Cross Site Scripting (XSS) en el campo de cambio de nombre de usuario. • https://github.com/sajaljat/CVE-2023-46451 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46004
https://notcve.org/view.php?id=CVE-2023-46004
18 Oct 2023 — Sourcecodester Best Courier Management System 1.0 is vulnerable to Arbitrary file upload in the update_user function. Sourcecodester Best Courier Management System 1.0 es vulnerable a la carga arbitraria de archivos en la función update_user. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/Arbitrary-File-Upload-Vulnerability.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46005
https://notcve.org/view.php?id=CVE-2023-46005
18 Oct 2023 — Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_branch.php. Sourcecodester Best Courier Management System 1.0 es vulnerable a la inyección SQL a través del parámetro id en /edit_branch.php. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46006
https://notcve.org/view.php?id=CVE-2023-46006
18 Oct 2023 — Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_user.php. Sourcecodester Best Courier Management System 1.0 es vulnerable a la inyección SQL a través del parámetro id en /edit_user.php. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability-2.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46007
https://notcve.org/view.php?id=CVE-2023-46007
18 Oct 2023 — Sourcecodester Best Courier Management System 1.0 is vulnerable to SQL Injection via the parameter id in /edit_staff.php. Sourcecodester Best Courier Management System 1.0 es vulnerable a la inyección SQL a través del parámetro id en /edit_staff.php. • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Best%20Courier%20Management%20System%201.0/SQL-Injection-Vulnerability-3.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •