CVE-2023-46980

CRITICAL

Best Courier Management System <1.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-46980. PoCs published by sajaljat.

AI-analyzed exploit summary The repository lacks functional exploit code and instead provides a vague description with a YouTube link, indicating it may be a social engineering lure rather than a legitimate PoC.

Description

An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.

Exploits (1)

nomisec SUSPICIOUS

by sajaljat · poc

https://github.com/sajaljat/CVE-2023-46980

View Code ZIP pw:eip

The repository lacks functional exploit code and instead provides a vague description with a YouTube link, indicating it may be a social engineering lure rather than a legitimate PoC.

Classification

Suspicious 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Theoretical

Target: Best Courier Management System v.1.000

No auth needed

Prerequisites: User ID from password reset functionality

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory

https://github.com/sajaljat/CVE-2023-46980/tree/main

View Exploit ZIP pw:eip

Exploit

https://youtu.be/3Mz2lSElg7Y

Scores

CVSS v3 9.8

EPSS 0.0151

EPSS Percentile 71.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-94

Status published

Products (1)

mayurik/best_courier_management_system 1.0

Published Nov 03, 2023

Tracked Since Feb 18, 2026