CVE-2023-5269

Опубликовано: 29 сент. 2023

Источник: nvd

CVSS3: 5.5

CVSS3: 8.8

CVSS2: 5.2

EPSS Низкий

Описание

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id/s leads to sql injection. The exploit has been disclosed to the public and may be used.

Ссылки

https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%201.pdf
Exploit
Product
https://vuldb.com/?ctiid.240882
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.240882
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?submit.212108
https://www.sourcecodester.com/
https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%201.pdf
Exploit
Product
https://vuldb.com/?ctiid.240882
Permissions Required
Third Party Advisory
VDB Entry
https://vuldb.com/?id.240882
Permissions Required
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00052

Низкий

5.5 Medium

CVSS3

8.8 High

CVSS3

5.2 Medium

CVSS2

Дефекты

CWE-74

CWE-89

Связанные уязвимости

GHSA-2h72-wjmg-q2hg

CVSS3: 5.5

github

больше 2 лет назад

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-240882 is the identifier assigned to this vulnerability.

EPSS

Процентиль: 16%

0.00052

Низкий

5.5 Medium

CVSS3

8.8 High

CVSS3

5.2 Medium

CVSS2

Дефекты

CWE-74

CWE-89