CVE-2023-5270

Опубликовано: 29 сент. 2023

Источник: nvd

CVSS3: 5.5

CVSS3: 8.8

CVSS2: 5.2

EPSS Низкий

Описание

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-240883.

Ссылки

https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%202.pdf
Exploit
Product
https://vuldb.com/?ctiid.240883
Permissions Required
VDB Entry
https://vuldb.com/?id.240883
Third Party Advisory
VDB Entry
https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%202.pdf
Exploit
Product
https://vuldb.com/?ctiid.240883
Permissions Required
VDB Entry
https://vuldb.com/?id.240883
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mayurik:best_courier_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 16%

0.00052

Низкий

5.5 Medium

CVSS3

8.8 High

CVSS3

5.2 Medium

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-pjfc-p84w-fwgj

CVSS3: 5.5

github

больше 2 лет назад

EPSS

Процентиль: 16%

0.00052

Низкий

5.5 Medium

CVSS3

8.8 High

CVSS3

5.2 Medium

CVSS2

Дефекты

CWE-89