Skip to content

sajaljat/CVE-2023-46980

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 

Repository files navigation

CVE-2023-46980

An issue in Best Courier Management System v.1.000 allows a remote attacker to execute arbitrary code and escalate privileges via a crafted script to the userID parameter.

Additional Information Video POC Link On YT ; https://youtu.be/3Mz2lSElg7Y

Vulnerability Type Incorrect Access Control - Account takeOver

Affected Component Update User Form where we can update username & password

Attack Vectors need the User id which is easily we can get in password reset.

Discoverer sajal jat

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published