Best courier management system in php
Products
1- 10 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-48581 | Cri | 0.64 | 9.8 | 0.01 | Oct 25, 2024 | File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component. | ||
| CVE-2024-48580 | Cri | 0.64 | 9.8 | 0.01 | Oct 25, 2024 | SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request. | ||
| CVE-2023-46980 | Cri | 0.64 | 9.8 | 0.02 | Nov 3, 2023 | An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter. | ||
| CVE-2020-35329 | Med | 0.42 | 6.5 | 0.01 | Mar 4, 2021 | Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '. | ||
| CVE-2020-35327 | Med | 0.42 | 6.5 | 0.01 | Mar 4, 2021 | SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php | ||
| CVE-2023-27206 | Med | 0.40 | 6.1 | 0.00 | Mar 9, 2023 | A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter. | ||
| CVE-2023-46974 | Med | 0.35 | 5.4 | 0.01 | Dec 7, 2023 | Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL. | ||
| CVE-2023-46451 | Med | 0.35 | 5.4 | 0.00 | Oct 31, 2023 | Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field. | ||
| CVE-2020-35328 | Med | 0.35 | 5.4 | 0.01 | Mar 4, 2021 | Courier Management System 1.0 - 'First Name' Stored XSS | ||
| CVE-2024-24407 | Med | 0.34 | 5.3 | 0.01 | Mar 28, 2024 | SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component. |
- risk 0.64cvss 9.8epss 0.01
File Upload vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the admin_class.php component.
- risk 0.64cvss 9.8epss 0.01
SQL Injection vulnerability in Best courier management system in php v.1.0 allows a remote attacker to execute arbitrary code via the email parameter of the login request.
- risk 0.64cvss 9.8epss 0.02
An issue in Best Courier Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.
- risk 0.42cvss 6.5epss 0.01
Courier Management System 1.0 1.0 is affected by SQL Injection via 'MULTIPART street '.
- risk 0.42cvss 6.5epss 0.01
SQL injection vulnerability was discovered in Courier Management System 1.0, which can be exploited via the ref_no (POST) parameter to admin_class.php
- risk 0.40cvss 6.1epss 0.00
A cross-site scripting (XSS) vulnerability in /kruxton/navbar.php of Best POS Management System 1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the page parameter.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting vulnerability in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code via a crafted payload to the page parameter in the URL.
- risk 0.35cvss 5.4epss 0.00
Best Courier Management System v1.0 is vulnerable to Cross Site Scripting (XSS) in the change username field.
- risk 0.35cvss 5.4epss 0.01
Courier Management System 1.0 - 'First Name' Stored XSS
- risk 0.34cvss 5.3epss 0.01
SQL Injection vulnerability in Best Courier management system v.1.0 allows a remote attacker to obtain sensitive information via print_pdets.php component.