CVE-2026-5330 PUBLISHED

A vulnerability was found in SourceCodester/mayuri_k Best Courier Management System 1.0. Affected by this issue is some unknown functionality of the file /ajax.php?action=delete_user of the component User Delete Handler. Performing a manipulation of the argument ID results in improper access controls. The attack may be initiated remotely. The exploit has been made public and could be used.

• Zyyyy (VulDB User) reporter

• VDB-354664 | SourceCodester/mayuri_k Best Courier Management System User Delete ajax.php access control
• VDB-354664 | CTI Indicators (IOB, IOC, TTP, IOA)
• Submit #780734 | Mayuri K. Gaatitrack Courier Management System 1.0 Broken Access Control
• https://github.com/zy606/Vulnerability-Report/tree/main/Gaatitrack-Unauth-Delete

• Improper Access Controls CWE
• Incorrect Privilege Assignment CWE