Impact
This vulnerability arises from unfiltered user input in the /manage_parcel_type.php page of Sourcecodester Simple Logistic Hub Parcel's Management System version 1.0, which allows attackers to inject arbitrary SQL commands. The flaw is classified as SQL Injection (CWE-89) and could let an attacker read, modify or delete database contents, compromising confidentiality and integrity. The CVSS score of 2.7 indicates low severity and limited impact, and the EPSS score of less than 1% suggests a low likelihood of exploitation, but the potential to alter critical data remains significant for affected deployments. The vulnerability is not listed in the CISA KEV catalog. The attack vector is inferred to be the web interface /manage_parcel_type.php, where user-supplied data is not properly sanitized.
Affected Systems
The product affected is Sourcecodester Simple Logistic Hub Parcel's Management System v1.0. No additional vendor or version information is provided.
Risk and Exploitability
With a CVSS score of 2.7, the vulnerability presents low risk. The EPSS score of <1% indicates a very low probability of exploitation, and it is not a known exploited vulnerability according to current KEV data. Based on the description, exploitation is inferred to require sending crafted HTTP requests to /manage_parcel_type.php, allowing an attacker to inject SQL statements that may read or modify the database.