| Title | Campcodes Courier Management System V1.0 SQL Injection |
|---|
| Description | Vulnerability Type
SQL injection
Root Cause
In courier Management System "/view_parcel.php" found a SQL injection vulnerabilities. Websites can directly use blind injection for SQL queries. Attackers can observe the application's response or other visible behaviors to determine whether the injection is successful and further probe and exploit the data in the database.
Impact
Attackers can exploit this SQL injection vulnerability to achieve unauthorized database access, sensitive data leakage, data tampering, comprehensive system control, and even service interruption, posing a serious threat to system security and business continuity.
DESCRIPTION
In courier Management System"/view_parcel.php" has discovered an SQL injection vulnerability. Websites can directly apply blind injection to SQL queries. Attackers obtain information about the database content by injecting conditional statements and taking advantage of Boolean condition-based judgments in the application. Attackers can try different conditions and verify their correctness based on the application's response. When constructing SQL query statements, the program directly uses the ID input by the user without performing any verification or filtering on it. Therefore, arbitrary SQL queries can be executed by entering malicious ids. |
|---|
| Source | ⚠️ https://github.com/XiaoJiesecqwq/CVE/issues/15 |
|---|
| User | Anonymous User |
|---|
| Submission | 07/26/2025 15:33 (9 months ago) |
|---|
| Moderation | 07/26/2025 17:50 (2 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 317842 [Campcodes Courier Management System 1.0 /view_parcel.php ID sql injection] |
|---|
| Points | 20 |
|---|