CVE on Lhz's blog https://lhzzz08.github.io/tags/cve/ Recent content in CVE on Lhz's blog Hugo -- 0.152.2 en-us Sat, 02 May 2026 22:49:19 +0800 Courier Management System SQLI Vulnerability https://lhzzz08.github.io/posts/cveapplication3/ Sat, 02 May 2026 22:49:19 +0800 https://lhzzz08.github.io/posts/cveapplication3/ <h1 id="sql-injection-vulnerability-in-itsourcecode-courier-management-system-v10">SQL Injection Vulnerability in itsourcecode Courier Management System V1.0</h1> <p><strong>BUG_Author:</strong> liuhanzhi <strong>Affected Version:</strong> V1.0 <strong>Vendor:</strong> <a href="https://itsourcecode.com/free-projects/php-project/courier-management-system-project-in-php-and-mysql/">itsourcecode</a> <strong>Software:</strong> <a href="https://itsourcecode.com/wp-content/uploads/2021/04/Courier-Management-System-Project-In-PHP-Source-Code.zip">Courier Management System</a> <strong>Vulnerability File:</strong></p> <ul> <li><code>/manage_user.php</code></li> </ul> <h2 id="description">Description</h2> <h3 id="1-sql-injection-via-id-parameter">1. SQL Injection via <code>id</code> Parameter</h3> <p>In the file <code>/manage_user.php</code>, the application directly concatenates the user-supplied <code>id</code> parameter into an SQL query without any sanitization or validation.</p> <p>Vulnerable code (line 5):</p> <div class="highlight"><pre tabindex="0" style="color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4;"><code class="language-php" data-lang="php"><span style="display:flex;"><span>$user <span style="color:#f92672">=</span> $conn<span style="color:#f92672">-&gt;</span><span style="color:#a6e22e">query</span>(<span style="color:#e6db74">&#34;SELECT * FROM users where id =&#34;</span><span style="color:#f92672">.</span>$_GET[<span style="color:#e6db74">&#39;id&#39;</span>]); </span></span></code></pre></div><h3 id="2-exploiting-the-sql-injection">2. Exploiting the SQL Injection</h3> <p>By injecting malicious SQL commands into the <code>id</code> parameter via a GET request, an attacker can manipulate the underlying SQL query to perform unauthorized database operations including data extraction, modification, and enumeration.</p>