CVE-2023-5272

MEDIUM

Best Courier Management System 1.0 - SQL Injection via edit_parcel.php id Parameter

Title source: llm

Description

A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-240885 was assigned to this vulnerability.

References (3)

Core 3

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.240885

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.240885

Exploit, Product exploit

https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%204.pdf

View Exploit ZIP pw:eip

Scores

CVSS v3 5.5

EPSS 0.0005

EPSS Percentile 16.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

mayurik/best_courier_management_system 1.0

Published Sep 29, 2023

Tracked Since Feb 18, 2026