CVE-2025-9759

Sažetak

A security flaw has been discovered in Campcodes/SourceCodester Courier Management System 1.0. Affected by this issue is the function Signup of the file /ajax.php. Performing manipulation of the argument lastname results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be exploited.

Reference

https://github.com/lrjbsyh/CVE_Hunter/issues/9#issue-3348584620
https://vuldb.com/?ctiid.322060
https://vuldb.com/?id.322060
https://vuldb.com/?submit.640684
https://github.com/lrjbsyh/CVE_Hunter/issues/9#issue-3348584620

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

08-09-2025 - 13:53

Objavljeno

01-09-2025 - 04:15