Critical Vulnerability Information

Vulnerability ID:
- VDB-332924
- CVE-2025-13396
- GCVE-100-332924

Affected Product:
- Code-Projects Courier Management System 1.0

Vulnerability Type:
- SQL Injection in
- Critical vulnerability

Affected File and Parameter:
- File:
- Parameter:

Vulnerability Description:
- Manipulating the parameter can lead to SQL injection.
- This vulnerability falls under CWE-89.
- The system constructs SQL commands using external input without proper neutralization.

Impact:
- Confidentiality
- Integrity
- Availability

CVE Identifier:
- CVE-2025-13396

Exploit Availability:
- Exploit is available on GitHub.
- The exploit is declared as proof-of-concept.
- Easy to exploit, can be launched remotely.

Mitigation:
- No specific mitigation details provided, but it is recommended to replace the affected component with an alternative product.