Key Vulnerability Information

Vulnerability IDs:
- VDB-332924
- CVE-2025-13396
- GCVE-100-332924

Affected product:
- Code-Projects Courier Management System 1.0

Vulnerability type:
- SQL Injection in
- Critical vulnerability

Affected file and parameter:
- File:
- Parameter:

Vulnerability description:
- Manipulating the parameter can lead to SQL injection.
- This vulnerability is categorized under CWE-89.
- The system constructs SQL commands using external input without proper neutralization.

Impact:
- Confidentiality
- Integrity
- Availability

CVE identifier:
- CVE-2025-13396

Exploitation status:
- Exploit is available on GitHub.
- The exploit is declared as proof-of-concept.
- Easy to exploit, can be launched remotely.

Mitigation:
- No specific mitigation details provided, but it's recommended to replace the affected object with an alternative product.