CVE-2023-5272

MEDIUM

5.5

Description

A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-240885 was assigned to this vulnerability.

CVE Details

CVSS v3.1 Score5.5

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Attack VectorADJACENT_NETWORK

ComplexityLOW

Privileges RequiredLOW

User InteractionNONE

Published9/29/2023

Last Modified9/30/2025

Sourcenvd

Honeypot Sightings0

Affected Products

mayurik:best_courier_management_system

Weaknesses (CWE)

CWE-89

References

https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%204.pdf(cna@vuldb.com)

https://vuldb.com/?ctiid.240885(cna@vuldb.com)

https://vuldb.com/?id.240885(cna@vuldb.com)

https://github.com/E1CHO/cve_hub/blob/main/Best%20courier%20management%20system/Best%20courier%20management%20system%20project%20in%20php%20-%20vuln%204.pdf(af854a3a-2127-422b-91ae-364da2661108)

https://vuldb.com/?ctiid.240885(af854a3a-2127-422b-91ae-364da2661108)

https://vuldb.com/?id.240885(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.