Description
Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php.
Published: 2026-03-03
Score: 2.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Data Exposure
Action: Assess Impact
AI Analysis

Impact

Simple Logistic Hub Parcel’s Management System version 1.0 contains a SQL Injection vulnerability in the /manage_carrier.php script. Unvalidated input may allow an attacker to inject arbitrary SQL, potentially retrieving, modifying, or deleting data in the underlying database. The vulnerability carries a low CVSS score of 2.7, indicating limited impact if accessed only locally or under specific conditions, but still poses a risk of data leakage or accidental corruption.

Affected Systems

The affected system is the Simple Logistic Hub Parcel’s Management System, version 1.0, as distributed by oretnom23. No other vendors or products are listed.

Risk and Exploitability

The EPSS score is below 1 %, suggesting a very low probability of exploitation in the wild, and the issue is not currently tracked in CISA’s KEV catalog. Based on the description, the most likely attack vector is a web‑based interface that accepts unfiltered user input in /manage_carrier.php. If an attacker can submit crafted requests to this endpoint, they could manipulate the SQL statements executed by the application. Though the reported severity is low, any deployment of the unchanged application remains susceptible.

Generated by OpenCVE AI on April 16, 2026 at 05:46 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Implement input validation and use parameterized queries or stored procedures in the /manage_carrier.php code to prevent unsanitized SQL construction.
  • Configure the database user that the application uses with the least privileges, limiting it to only the necessary SELECT, INSERT, UPDATE, and DELETE right on the required tables.
  • Update or patch the application to a version where this vulnerability is fixed, or apply the vendor’s recommended remediation if available.

Generated by OpenCVE AI on April 16, 2026 at 05:46 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 11 Mar 2026 16:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

 ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

cvssV3_1

{'score': 2.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N'}

Thu, 05 Mar 2026 22:00:00 +0000

Type Values Removed Values Added
First Time appeared Oretnom23
Oretnom23 simple Logistic Hub Parcel\'s Management System
Weaknesses CWE-89
CPEs cpe:2.3:a:oretnom23:simple_logistic_hub_parcel\'s_management_system:1.0:*:*:*:*:*:*:*
Vendors & Products Oretnom23
Oretnom23 simple Logistic Hub Parcel\'s Management System
Metrics cvssV3_1

{'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}

Wed, 04 Mar 2026 21:15:00 +0000

Type Values Removed Values Added
First Time appeared Sourcecodester
Sourcecodester logistic Hub Parcels Management System
Vendors & Products Sourcecodester
Sourcecodester logistic Hub Parcels Management System

Tue, 03 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
Description Sourcecodester Logistic Hub Parcel's Management System v1.0 is vulnerable to SQL Injection in /manage_carrier.php.
References

Subscriptions

Oretnom23 Simple Logistic Hub Parcel\'s Management System
Sourcecodester Logistic Hub Parcels Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-03-11T15:13:46.579Z

Reserved: 2026-02-16T00:00:00.000Z

Link: CVE-2026-26892

cve-icon Vulnrichment

Updated: 2026-03-03T20:25:27.803Z

cve-icon NVD

Status : Modified

Published: 2026-03-03T20:16:49.220

Modified: 2026-03-11T16:16:39.700

Link: CVE-2026-26892

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-16T06:00:10Z

Weaknesses