Courier Management System
A vulnerability was identified in code-projects Courier Management System 1.0. It affects an unknown function of the file /courier/edit-courier.php. Manipulation of the argument OfficeName leads to SQL injection. The attack can be carried out remotely. The exploit is publicly available and might be used.
SQL injection vulnerability in Courier Management System 1.0 allows authenticated remote attackers to manipulate the Shippername parameter in /add-courier.php, enabling database queries to be executed with limited confidentiality and integrity impact. The low CVSS score (2.1) reflects the requirement for valid authentication credentials, which limits real-world risk despite the publicly available exploit code.
SQL injection in Campcodes Courier Management System 1.0 via the ID parameter in /view_parcel.php allows authenticated remote attackers to execute arbitrary SQL queries with limited data exposure impact. The CVSS score of 2.1 reflects constraints imposed by authentication requirements (PR:L) and restricted scope. Exploit code is publicly available, but the 0.06% EPSS score indicates minimal real-world exploitation likelihood despite public disclosure.
SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /manage_user.php, with publicly available exploit code disclosed. Despite a critical classification, the CVSS 4.0 vector reflects low impact (confidentiality, integrity, availability all limited), and the EPSS score of 0.06% suggests minimal real-world exploitation probability.
SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the parameter 's' in /parcel_list.php, with publicly available exploit code disclosed. Despite a critical classification in the original report, the CVSS 4.0 score of 2.1 reflects limited confidentiality, integrity, and availability impact, constrained by the requirement for prior authentication (PR:L) and the absence of scope escalation; the EPSS score of 0.06% indicates low real-world exploitation probability despite public PoC availability.
SQL injection in Campcodes Courier Management System 1.0 via the ids parameter in /print_pdets.php allows authenticated remote attackers to execute arbitrary SQL queries with limited impact. Despite critical classification, the CVSS v4.0 score of 2.1 reflects low confidentiality, integrity, and availability impact; EPSS exploitation probability is minimal at 0.06% (19th percentile), and the vulnerability requires valid user authentication to trigger.
SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_user.php, affecting data confidentiality and integrity. The vulnerability has publicly available exploit code but carries a very low EPSS score (0.06%, percentile 19%), suggesting minimal real-world exploitation risk despite the critical classification and public disclosure.
SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL commands via the ID parameter in /edit_staff.php, affecting database confidentiality and integrity with low severity impact. Publicly available exploit code exists, though CVSS 2.1 and EPSS 0.06% indicate limited real-world exploitation probability despite the vulnerability's technical criticality classification.
SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_parcel.php, potentially leading to unauthorized data access or modification. The vulnerability has been publicly disclosed with exploit code available, though CVSS 2.1 and EPSS 0.06% indicate limited real-world impact due to authentication requirement and low technical scope (no confidentiality or integrity impact to the system itself).
SQL injection in Campcodes Courier Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via the ID parameter in /edit_branch.php, potentially compromising database confidentiality and integrity. The vulnerability requires valid user credentials (PR:L) but is easily exploitable with low technical complexity. Exploit code has been publicly disclosed, though real-world exploitation likelihood remains low per EPSS score (0.06%).