EUVD-2026-21889

A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLEID leads to sql injection. The attack may be initiated remotely. The...

CVE-2026-6166 code-projects Vehicle Showroom Management System UpdateVehicleFunction.php sql injection

A security vulnerability has been detected in code-projects Vehicle Showroom Management System 1.0. This issue affects some unknown processing of the file /util/UpdateVehicleFunction.php. The manipulation of the argument VEHICLEID leads to sql injection. The attack may be initiated remotely. The...

Code-Projects Vehicle Showroom Management System SQL注入漏洞

The Code-Projects Vehicle Showroom Management System is an open-source vehicle exhibition hall management system developed by Code-Projects. Version 1.0 of the Code-Projects Vehicle Showroom Management System contains a SQL injection vulnerability. This vulnerability arises from incorrect...

EUVD-2026-16654

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

CVE-2026-4955

The CVE-2026-4955 entry concerns Shenzhen Ruiming Technology Streamax Crocus 1.3.44. Affected component is the server-side function handling /OperateStatistic.do; crafting or manipulating the VehicleID parameter yields a SQL injection. Attacks are remotely executable, and the exploit has been mad...

PT-2026-28681

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.44. This impacts an unknown function of the file /OperateStatistic.do. The manipulation of the argument VehicleID results in sql injection. The attack can be launched remotely. The exploit has been made public and could ...

CVE-2025-11690

An Insecure Direct Object Reference IDOR vulnerability exists in the vehicleId parameter, allowing unauthorized access to sensitive information of other users’ vehicles. Exploiting this issue enables an attacker to retrieve data such as GPS coordinates, encryption keys, initialization vectors,...

Vulnerability fixed in CFMOTO Ride vehicle data management systems

CFMOTO has fixed a vulnerability in the backend of systems that manage vehicle data. The vulnerability is in the way the vehicleId parameter is handled, leading to an Insecure Direct Object Reference IDOR. This allows attackers to gain unauthorized access to sensitive information from other users...

CFMOTO RIDE 安全漏洞

CFMOTO RIDE is an in-vehicle vehicle data management system from the Chinese company CFMOTO. A security vulnerability exists in CFMOTO RIDE that stems from an insecure direct object reference in the vehicleId parameter, which could lead to unauthorized access to sensitive information of other use...

CVE-2022-31350

Online Car Wash Booking System v1.0 is vulnerable to SQL Injection via /ocwbs/admin/vehicles/managevehicle.php?id=...