Ziran

**Name of the Vulnerable Software and Affected Versions** itsourcecode Courier Management System version 1.0 **Description** A SQL injection issue exists in the `/parcel list.php` file. A remote attacker can trigger this by manipulating the `s` argument. SQL injection is a technique where malicious SQL statements are inserted into entry fields for execution, potentially allowing unauthorized access to the database. **Recommendations** Update itsourcecode Courier Management System version 1.0 to a newer version that contains a fix. As a temporary workaround, restrict access to the `/parcel list.php` file or avoid using the `s` argument until a patch is applied.