
32 matches found

Positive Technologies
added 2024/03/21 12:0 a.m. · 5 views

PT-2024-13658 · Unknown · Tramyardg Autoexpress

Name of the Vulnerable Software and Affected Versions: tramyardg autoexpress version 1.3.0 Description: An issue in tramyardg autoexpress allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in the...

CVSS 9.8 · AI score 8.1 · EPSS 0.00209
Exploits 3 · References 5
Cvelist
added 2024/03/21 12:0 a.m. · 16 views

CVE-2023-48903

Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML via the "imgType" parameter in uploadCarImages.php...

AI score 5.5 · EPSS 0.00186
Exploits 3 · References 1
CNNVD
added 2024/03/21 12:0 a.m. · 2 views

Autoexpress Security Vulnerability

AutoExpress is a car dealership application for car dealers and car buyers by Raymart DG Individual Developer. A security vulnerability exists in Autoexpress version 1.3.0, which stems from the presence of a SQL injection vulnerability that could allow an unauthenticated, remote attacker to execu...

CVSS 9.8 · AI score 9.9 · EPSS 0.00705
Exploits 3 · References 2
Positive Technologies
added 2024/03/21 12:0 a.m. · 4 views

PT-2024-13657 · Unknown · Tramyardg Autoexpress

Name of the Vulnerable Software and Affected Versions: tramyardg Autoexpress version 1.3.0 Description: A SQL injection issue allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter id within the getPhotosByCarId function call in details.php. Recommendations: F...

CVSS 9.8 · AI score 10 · EPSS 0.00705
Exploits 3 · References 5
Vulnrichment
added 2024/03/21 12:0 a.m. · 8 views

CVE-2023-48901

A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...

AI score 9.1 · EPSS 0.00705
Exploits 3 · References 1
CVE
added 2024/03/21 12:0 a.m. · 51 views

CVE-2023-48902

The CVE-2023-48902 entry concerns tramyardg autoexpress 1.3.0, where an authentication bypass in uploadCarImages.php allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload images. The issue is supported by multiple sources: NVD/NVDB entries de...

CVSS 9.8 · AI score 7.6 · EPSS 0.00209
Exploits 3 · References 1 · Affected Software 1
Positive Technologies
added 2024/03/21 12:0 a.m. · 4 views

PT-2024-13659 · Unknown · Tramyardg Autoexpress

Name of the Vulnerable Software and Affected Versions: tramyardg autoexpress version 1.3.0 Description: The issue allows remote unauthenticated attackers to inject arbitrary web script or HTML within the imgType parameter via the "uploadCarImages.php" endpoint. This enables attackers to perform a...

CVSS 6.1 · AI score 6.2 · EPSS 0.00186
Exploits 3 · References 3
0day.today
added 2024/03/20 12:0 a.m. · 299 views

Tramyardg Autoexpress 1.3.0 Authentication Bypass Vulnerability

Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles. Exploit Title: tramyardg autoexpress - Authentication Bypass...

CVSS 9.8 · AI score 7.9 · EPSS 0.00209
Exploits 3
0day.today
added 2024/03/20 12:0 a.m. · 303 views

Tramyardg Autoexpress 1.3.0 SQL Injection Vulnerability

Exploit Title: tramyardg autoexpress - SQL Injection Exploit Author: Scott White Vendor Homepage: https://github.com/tramyardg/autoexpress Version: v1.3.0 Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52 CVE : CVE-2023-48901 References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48901...

CVSS 9.8 · AI score 7.4 · EPSS 0.00705
Exploits 3
Packet Storm
added 2024/03/19 12:0 a.m. · 248 views

Tramyardg Autoexpress 1.3.0 Cross Site Scripting

Exploit Title: tramyardg autoexpress - Stored Cross-Site Scripting XSS Google Dork: N/A Date: 11/28/2023 Exploit Author: Scott White Vendor Homepage: https://github.com/tramyardg/autoexpress Version: v1.3.0 Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52 CVE : CVE-2023-48903 References:...

AI score 7.4 · EPSS 0.00186
Exploits 3
Packet Storm
added 2024/03/19 12:0 a.m. · 265 views

Tramyardg Autoexpress 1.3.0 SQL Injection

Exploit Title: tramyardg autoexpress - SQL Injection Google Dork: N/A Date: 11/28/2023 Exploit Author: Scott White Vendor Homepage: https://github.com/tramyardg/autoexpress Version: v1.3.0 Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52 CVE : CVE-2023-48901 References:...

AI score 7.4 · EPSS 0.00705
Exploits 3
ATTACKERKB
added 2017/08/07 8:29 a.m. · 3 views

CVE-2017-9632

A Missing Encryption of Sensitive Data issue was discovered in PDQ Manufacturing LaserWash G5 and G5 S Series all versions, LaserWash M5, all versions, LaserWash 360 and 360 Plus, all versions, LaserWash AutoXpress and AutoExpress Plus, all versions, LaserJet, all versions, ProTouch Tandem, all...

CVSS 9.8 · AI score 5.4 · EPSS 0.00067
Exploits 0 · References 2