6 matches found
CVE-2023-30415
Sourcecodester Packers and Movers Management System v1.0 contains a SQL injection vulnerability exploitable via the id parameter at /inquiries/view_inquiry.php. The issue is described consistently across multiple feeds (NVD, Red Hat, CVE lists, and enrichment sources). CVSS v3.1 metrics indicate ...
CVE-2024-57522
SourceCodester Packers and Movers Management System v1.0 is affected by a Cross Site Scripting (XSS) vulnerability in Users.php, allowing an attacker to inject malicious scripts via the username or name fields during user creation. The issue is documented across multiple sources (CVE-2024-57522);...
CVE-2024-57523
CVE-2024-57523 corresponds to a CSRF vulnerability in the Users.php endpoint of SourceCodester Packers and Movers Management System 1.0. Exploitation requires an authenticated admin user to visit a crafted page, enabling attackers to create unauthorized admin accounts (privilege escalation) with ...
CVE-2023-46435
Sourcecodester Packers and Movers Management System v1.0 is affected by a SQL Injection in the endpoint mpms/?p=services/view_service&id, caused by unsafely handling the id parameter. The issue is documented across multiple sources, with CVSS 3.1 base score 9.8 (CRITICAL) and network attack vecto...
CVE-2024-48427
CVE-2024-48427 describes a SQL injection vulnerability in Sourcecodester Packers and Movers Management System v1.0. The issue allows a remote authenticated user to execute arbitrary SQL commands by manipulating the id parameter in /mpms/admin/?page=services/manage_service&id. The evaluations indi...
CVE-2023-46956
CVE-2023-46956 is a SQL injection vulnerability in Packers and Movers Management System v1.0. The flaw affects the endpoint /mpms/admin/?page=user/manage_user&id and allows a remote attacker to potentially execute arbitrary code via crafted payloads. The root cause is improper handling of the id ...