### Vulnerability Key Information Summary

**Vulnerability Name:** SourceCodester/mayuri_l Best Courier Management System 1.0 User Delete `ajax.php?action=delete_user` `id` Access Control

**CVE ID:** CVE-2026-5330

**CVSS Score:** 5.9 (The summary classifies it as "Critical", despite the score typically indicating Medium)

**Current Exploit Price:** $0–$5k

**Vulnerability Overview:** This is a critical access control vulnerability affecting the `User Delete Handler` component in `SourceCodester/mayuri_l Best Courier Management System 1.0`. The vulnerability exists in the `ajax.php?action=delete_user` endpoint. Attackers can bypass access controls by manipulating the `id` parameter, enabling unauthorized user deletion.

**Impact Scope:**

- **Affected Product:** SourceCodester/mayuri_l Best Courier Management System 1.0
- **Affected File:** `/ajax.php?action=delete_user`
- **Specific Component:** User Delete Handler
- **Consequences:** Unauthorized access, potentially impacting system integrity and availability. Exploitation is possible remotely.

**Remediation:** No specific fix, patch link, or code-level remediation guidance is provided on the page.

**POC/Exploit Code:** No complete code block is provided. However, the vulnerable request path and parameter are identified:

```text
/ajax.php?action=delete_user
```

Exploitation involves manipulating the `id` parameter.
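
A defender-side check for the endpoint named above, as an added example that is not part of the original page or the product's code: it scans web-server access logs for calls to `ajax.php?action=delete_user` and lists the clients making them. The combined log format, the sample lines, and the `burst_threshold` parameter are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx "combined" format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [02/Apr/2026:10:15:01 +0000] "POST /ajax.php?action=delete_user HTTP/1.1" 200 1 "-" "curl/8.5.0"
198.51.100.7 - - [02/Apr/2026:10:15:02 +0000] "POST /ajax.php?action=delete_user HTTP/1.1" 200 1 "-" "curl/8.5.0"
203.0.113.20 - - [02/Apr/2026:10:16:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.20 - - [02/Apr/2026:10:17:05 +0000] "POST /cms/ajax.php?x=1&action=delete_user HTTP/1.1" 403 1 "-" "Mozilla/5.0"
192.0.2.55 - - [02/Apr/2026:10:18:00 +0000] "POST /ajax.php?action=other HTTP/1.1" 200 1 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_delete_user_requests(log_text):
    """Return {client_ip: [(timestamp, method, status), ...]} for delete_user calls."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        url = urlsplit(m["target"])
        # Match on the parsed query so parameter order and install path do not matter.
        actions = parse_qs(url.query).get("action", [])
        if url.path.endswith("/ajax.php") and "delete_user" in actions:
            hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def summarize(hits, burst_threshold=2):
    """Clients with at least burst_threshold 2xx responses, queued for review.
    A 2xx status only shows the request was served, not that a user was deleted."""
    flagged = {}
    for ip, events in hits.items():
        served = [e for e in events if 200 <= e[2] < 300]
        if len(served) >= burst_threshold:
            flagged[ip] = len(served)
    return flagged

if __name__ == "__main__":
    hits = find_delete_user_requests(SAMPLE_LOG)
    for ip, events in hits.items():
        print(ip, events)
    print("review:", summarize(hits))
```

Correlating the flagged clients with the application's own session or audit records is what separates administrator activity from unauthorized calls; the access log alone cannot.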