Labi

**Name of the Vulnerable Software and Affected Versions** code-projects Courier Management System version 1.0 **Description** A flaw exists in code-projects Courier Management System 1.0 that allows for remote code execution. The issue is located in the file `/add-new-officer.php`. Manipulation of the `ManagerName` argument can lead to SQL injection. The exploit is publicly available. **Recommendations** Apply any available updates to address the issue in the `/add-new-officer.php` file. As a temporary workaround, sanitize the `ManagerName` input to prevent SQL injection. Restrict access to the `/add-new-officer.php` file to authorized personnel only.

**Name of the Vulnerable Software and Affected Versions** Courier Management System version 1.0 **Description** A SQL injection issue exists in the file `/search-edit.php` due to manipulation of the `Consignment` argument. This manipulation can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.