CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10608 – code-projects Courier Management System login.php sql injection
https://notcve.org/view.php?id=CVE-2024-10608
A vulnerability was found in code-projects Courier Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be initiated remotely. • https://code-projects.org https://github.com/AXUyaku/cve/issues/1 https://vuldb.com/?ctiid.282617 https://vuldb.com/?id.282617 https://vuldb.com/?submit.434785 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-10607 – code-projects Courier Management System track-result.php sql injection
https://notcve.org/view.php?id=CVE-2024-10607
A vulnerability was found in code-projects Courier Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /track-result.php. The manipulation of the argument Consignment leads to sql injection. The attack can be initiated remotely. • https://code-projects.org https://github.com/yanhuoshanjin/cve/issues/1 https://vuldb.com/?ctiid.282616 https://vuldb.com/?id.282616 https://vuldb.com/?submit.434773 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 2CVE-2023-46974
https://notcve.org/view.php?id=CVE-2023-46974
Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. Vulnerabilidad de Cross Site Scripting en Best Courier Management System v.1.000 permite a un atacante remoto ejecutar código arbitrario a través de un payload manipulado en el parámetro de página en la URL. • https://github.com/yte121/CVE-2023-46974 https://youtu.be/5oVfJHT_-Ys • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48823 – GaatiTrack Courier Management System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2023-48823
A Blind SQL injection issue in ajax.php in GaatiTrack Courier Management System 1.0 allows an unauthenticated attacker to inject a payload via the email parameter during login. Un problema de inyección de Blind SQL en ajax.php en GaatiTrack Courier Management System 1.0 permite que un atacante no autenticado inyecte un payload a través del parámetro de correo electrónico durante el inicio de sesión. GaatiTrack Courier Management System version 1.0 suffers from a remote SQL injection vulnerability. • http://packetstormsecurity.com/files/176030 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-6301 – SourceCodester Best Courier Management System GET Parameter parcel_list.php cross site scripting
https://notcve.org/view.php?id=CVE-2023-6301
A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/BigTiger2020/2023/blob/main/best-courier-management-system/best-courier-management-system-reflected%20xss2.md https://vuldb.com/?ctiid.246127 https://vuldb.com/?id.246127 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •