PT-2024-16402 · Code Projects · Code-Projects Courier Management System

Yanhuo · Published 2024-10-31 · Updated 2024-11-05 · CVE-2024-10607

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

code-projects Courier Management System version 1.0

Description

A critical issue has been identified in the code-projects Courier Management System, affecting the /track-result.php file. The manipulation of the Consignment argument leads to SQL injection. This issue can be exploited remotely.

Recommendations

For version 1.0, update to the latest release to mitigate risks. As a temporary workaround, consider restricting access to the /track-result.php file until a patch is available. Avoid using the Consignment argument in the affected file until the issue is resolved.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2024-10607

Affected Products

Code-Projects Courier Management System