Zero Day MonitorZDM

← Back to list

6.5

CVE-2026-5330

sourcecodester · best courier management system

SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control

Description

A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access controls. The attack may be initiated remotely. The exploit has been made public and could be used.

Affected Products

Vendor	Product	Versions
sourcecodester	best courier management system	1.0, 1.0

References

https://vuldb.com/vuln/354664(vdb-entry, technical-description)
https://vuldb.com/vuln/354664/cti(signature, permissions-required)
https://vuldb.com/submit/780734(third-party-advisory)
https://github.com/zy606/Vulnerability-Report/tree/main/Gaatitrack-Unauth-Delete(exploit)

CVSS 3.16.5 NONE

CISA KEV❌ No

Actively exploited❌ No

CWECWE-284, CWE-266

PublishedApr 2, 2026

Last enriched2h ago

Trending Score0

Source articles0

Independent0

Info Completeness0/14

Missing: cve_id, title, description, vendor, product, versions, cvss, epss, cwe, kev, exploit, patch, iocs, mitre_attack

Community Vote

0 upvotes0 downvotes

No votes yet

Related CVEs (5)

HIGHCVE-2026-30573

A Business Logic vulnerability exists in SourceCodester Pharmacy Product Management System 1.0. The vulnerability is located in the add-sales.php file. The application fails to validate the "txtprice"

MEDIUMCVE-2026-30526

A Reflected Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Zoo Management System v1.0. The vulnerability is located in the login page, specifically within the msg parameter. The app

MEDIUMCVE-2026-30523

A Business Logic vulnerability exists in SourceCodester Loan Management System v1.0 due to the lack of proper input validation. The application allows administrators to define "Loan Plans" which deter

NONECVE-2026-5325

SourceCodester Simple Customer Relationship Management System Create Ticket create-ticket.php cross site scripting

MEDIUMCVE-2026-5326

SourceCodester Leave Application System User Information index.php authorization

Pin to Dashboard

Verification

State: unverified

Confidence: 0%

Vulnerability Timeline

CVE Published

Apr 2, 2026

Discovered by ZDM

Apr 2, 2026