PT-2024-33155 · Unknown · Best Courier Management System

Published: 2024-10-25 · Updated: 2025-05-02 · CVE-2024-48580

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Best courier management system in PHP version 1.0

Description: The issue allows a remote attacker to execute arbitrary code via the email parameter of the "login request" API endpoint. This enables the attacker to inject malicious SQL code, potentially leading to unauthorized access or data manipulation.

Recommendations: For version 1.0, consider validating and sanitizing the email parameter in the login request to prevent SQL injection attacks. As a temporary workaround, restrict access to the login functionality until a proper fix is implemented.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-48580

Affected Products

Best Courier Management System