| Title | Mayuri K. Gaatitrack Courier Management System 1.0 Broken Access Control |
|---|
| Description | A vulnerability, which was classified as high, was found in Mayuri K. Gaatitrack Courier Management System 1.0. This affects the function delete_user of the file ajax.php. The manipulation of the argument id leads to unauthorized deletion. It is possible to launch the attack remotely and without any authentication. This vulnerability allows an attacker to delete arbitrary users from the database, leading to potential service disruption. |
|---|
| Source | ⚠️ https://github.com/zy606/Vulnerability-Report/tree/main/Gaatitrack-Unauth-Delete |
|---|
| User | Zyyyy (UID 96412) |
|---|
| Submission | 03/16/2026 10:43 (21 days ago) |
|---|
| Moderation | 04/01/2026 15:47 (16 days later) |
|---|
| Status | Accepted |
|---|
| VulDB entry | 354664 [SourceCodester/mayuri_k Best Courier Management System 1.0 User Delete ajax.php?action=delete_user ID access control] |
|---|
| Points | 20 |
|---|