Unrated severity · NVD Advisory · Published Sep 29, 2023 · Updated Mar 6, 2025

SourceCodester Best Courier Management System GET Parameter parcel_list.php SQL injection

CVE-2023-5269

Description

A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument id/s leads to SQL injection. The exploit has been disclosed to the public and may be used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SQL injection in SourceCodester Best Courier Management System 1.0 via parcel_list.php allows unauthenticated attackers to extract database contents.

Vulnerability

The vulnerability is a SQL injection in the GET parameter handler of parcel_list.php in SourceCodester Best Courier Management System version 1.0. The id or s parameter is not sanitized, allowing an attacker to inject arbitrary SQL queries. The affected version is 1.0 only [2].

Exploitation

An attacker can exploit this by sending a crafted HTTP GET request to parcel_list.php with malicious SQL in the id or s parameter. No authentication is required. The exploit has been publicly disclosed, including proof-of-concept details [1].

Impact

Successful exploitation allows an attacker to execute arbitrary SQL commands, leading to disclosure of sensitive data (e.g., user credentials, courier information) and potentially full database compromise.

Mitigation

As of publication, no official patch has been released. Users should apply input validation and parameterized queries to mitigate the risk. The vendor (SourceCodester) may not provide updates; consider migrating to a maintained solution [2].
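
A sketch of the input validation and parameterized-query mitigation named above, added here as an illustration; it is not code from SourceCodester or from the advisory. Only the `id` and `s` parameter names come from the CVE description; the `parcels` table, its columns, the `fetch_parcels` helper and the in-memory SQLite database (used so the example runs offline) are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical schema: the advisory does not show the real tables or query.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE parcels (id INTEGER PRIMARY KEY, reference TEXT, status INTEGER)');
$pdo->exec("INSERT INTO parcels (reference, status) VALUES ('REF-A', 1), ('REF-B', 2), ('REF-C', 2)");

// Vulnerable pattern (for contrast, never executed here): request data is
// concatenated into the SQL text, so it is parsed as part of the statement.
//   $sql = "SELECT * FROM parcels WHERE status = " . $_GET['s'];

/**
 * Hardened lookup (hypothetical helper). Both parameters must be positive
 * integers; anything else is rejected before a query is built, and accepted
 * values are passed as bound parameters, never spliced into the SQL string.
 */
function fetch_parcels(PDO $pdo, array $query): array
{
    $where = [];
    $args  = [];
    foreach (['id' => 'id', 's' => 'status'] as $param => $column) {
        if (!array_key_exists($param, $query)) {
            continue;
        }
        $value = filter_var($query[$param], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($value === false) {
            throw new InvalidArgumentException("invalid value for '$param'");
        }
        $where[] = "$column = :$param";   // column names come from the fixed map above
        $args[":$param"] = $value;
    }
    $sql = 'SELECT id, reference, status FROM parcels'
         . ($where ? ' WHERE ' . implode(' AND ', $where) : '');
    $stmt = $pdo->prepare($sql);
    $stmt->execute($args);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_GET.
var_dump(count(fetch_parcels($pdo, ['s' => '2'])));   // well-formed request
try {
    fetch_parcels($pdo, ['s' => '2 OR 1=1']);          // non-integer input
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```

In a real deployment the same pattern applies with the application's own database driver: validate each GET parameter against its expected type first, then bind it through a prepared statement.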

AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Patches

0

No patches discovered yet.
