12 matches found

WPVulnDB
added 2024/05/03 12:0 a.m. | 20 views

Car Dealer < 4.16 - Admin+ Content Injection

Description: The Car Dealer Dealership and Vehicle sales plugin for WordPress is vulnerable to unauthorized content injection due to insufficient input validation in all versions up to, and including, 4.15. This makes it possible for authenticated attackers, with administrator-level access and...

2.7 CVSS | 6.9 AI score | 0.00373 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Prion
added 2022/12/12 6:15 p.m. | 17 views

Cross-site request forgery (CSRF)

The Car Dealer Dealership and Vehicle sales WordPress plugin before 3.05 does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugins from wordpress.org...

4 CVSS | 6.5 AI score | 0.00336 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
CVE
added 2022/12/12 5:54 p.m. | 53 views

CVE-2022-3879

CVE-2022-3879 affects the WordPress Car Dealer (Dealership) and Vehicle Sales plugin, version

6.5 CVSS | 6.4 AI score | 0.00336 EPSS
Exploits: 2 | References: 1 | Affected Software: 1
Positive Technologies
added 2022/12/12 12:0 a.m. | 7 views

PT-2022-24569 · WordPress · The Car Dealer (Dealership)/Vehicle Sales Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Car Dealer Dealership and Vehicle sales WordPress Plugin versions prior to 3.05 Description: The issue is related to improper authorization and CSRF in an AJAX action. This allows any authenticated users, such as subscribers, to call the...

6.5 CVSS | 6.3 AI score | 0.00336 EPSS
Exploits: 2 | References: 5
CNVD
added 2022/05/25 12:0 a.m. | 12 views

Automotive Shop Management System Cross-Site Scripting Vulnerability (CNVD-2022-77486)

Automotive Shop Management System is a system with customer management, vehicle sales, parts sales, repair and maintenance, agency services, auto credit, auto leasing, used car trading, and performance management functions. An XSS vulnerability exists in Automotive Shop Management System v1.0. An...

3.5 CVSS | 1.9 AI score | 0.00471 EPSS
Exploits: 1 | Affected Software: 1
The Hacker News
added 2018/06/12 7:45 a.m. | 43 views

Feds Arrest 74 Email Fraudsters Involved in Nigerian BEC Scams

The United States Department of Justice announced Monday the arrest of 74 email fraudsters across three continents in a global crackdown on a large-scale business email compromise (BEC) scheme. The arrest was the result of a six-month-long operation dubbed "Operation Wire Wire" that involved the US...

0.8 AI score
Exploits: 0
CNVD
added 2018/01/26 12:0 a.m. | 1 views

Soyket Chowdhury Vehicle Sales Management System Code Execution Vulnerability

Soyket Chowdhury Vehicle Sales Management System is an online vehicle sales system script. A security vulnerability exists in multiple scripts in Soyket Chowdhury Vehicle Sales Management System version 2017-07-30. An attacker can exploit this vulnerability to obtain user login accounts and perfo...

9.8 CVSS | 7.5 AI score | 0.02167 EPSS
Exploits: 4 | References: 1
Prion
added 2018/01/24 10:29 p.m. | 11 views

SQL injection

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manageemployee.php, and login/sell.php scripts, resulting in the exposure of user's login credentials, SQL Injection and Store...

7.5 CVSS | 9.7 AI score | 0.02167 EPSS
Exploits: 4 | References: 2 | Affected Software: 1
NVD
added 2018/01/24 10:29 p.m. | 18 views

CVE-2017-1000474

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manageemployee.php, and login/sell.php scripts, resulting in the exposure of user's login credentials, SQL Injection and Store...

9.8 CVSS | 9.7 AI score | 0.02167 EPSS
Exploits: 4 | References: 2
OSV
added 2018/01/24 10:29 p.m. | 3 views

CVE-2017-1000474

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manageemployee.php, and login/sell.php scripts, resulting in the exposure of user's login credentials, SQL Injection and Store...

9.8 CVSS | 6 AI score | 0.02167 EPSS
Exploits: 4 | References: 2
CVE
added 2018/01/24 10:0 p.m. | 69 views

CVE-2017-1000474

The CVE refers to Soyket Chowdhury Vehicle Sales Management System (VSMS) v2017-07-30 with multiple vulnerabilities in login scripts (vehicle.php, profile.php, Actions.php, manage_employee.php, sell.php) enabling SQL Injection and Stored XSS that can lead to remote code execution. Connected data ...

9.8 CVSS | 9.6 AI score | 0.02167 EPSS
Exploits: 4 | References: 2 | Affected Software: 1
Cvelist
added 2018/01/24 10:0 p.m. | 26 views

CVE-2017-1000474

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manageemployee.php, and login/sell.php scripts, resulting in the exposure of user's login credentials, SQL Injection and Store...

9.8 AI score | 0.02167 EPSS
Exploits: 4 | References: 2