sajal jat

5 exploits Active since Oct 2023
CVE-2023-46449 NOMISEC HIGH WRITEUP
inventory_management_system 1.0 - Incorrect Access Control via Password Change IDOR
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and take over the account via IDOR in the password change function.
CVSS 8.8
CVE-2023-46451 NOMISEC MEDIUM WRITEUP
Best Courier Management System v1.0 - XSS
Best Courier Management System v1.0 is vulnerable to Cross-Site Scripting (XSS) in the change username field.
CVSS 5.4
CVE-2023-46980 NOMISEC CRITICAL SUSPICIOUS
Best Courier Management System <1.0 - RCE
An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.
CVSS 9.8
CVE-2023-46449 WRITEUP HIGH WRITEUP
inventory_management_system 1.0 - Incorrect Access Control via Password Change IDOR
Sourcecodester Free and Open Source inventory management system v1.0 is vulnerable to Incorrect Access Control. An arbitrary user can change the password of another user and take over the account via IDOR in the password change function.
CVSS 8.8
CVE-2023-46980 WRITEUP CRITICAL SUSPICIOUS
Best Courier Management System <1.0 - RCE
An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.
CVSS 9.8