CVE-2024-30974

SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter...

CVE-2023-48903

Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...

CVE-2024-30974

SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter...

CVE-2024-30974

SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter...

CVE-2024-30974

SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter...

PT-2024-23698 · Unknown · Autoexpress

Name of the Vulnerable Software and Affected Versions: autoexpress version 1.3.0 Description: The issue allows attackers to run arbitrary SQL commands via the carId parameter, potentially leading to unauthorized data access or modification. Recommendations: For autoexpress version 1.3.0, avoid...

CVE-2024-30974

Summary: CVE-2024-30974 affects autoexpress v1.3.0 and is described as a SQL Injection via the carId parameter, enabling attackers to execute arbitrary SQL commands. The primary sources (NVD/Red Hat/CVE listings) consistently state this vulnerability originates from unsafely handling the carId in...

AutoExpress SQL注入漏洞

AutoExpress is a car dealership application for car dealers and car buyers by Raymart DG Individual Developers. AutoExpress version v.1.3.0 suffers from a SQL injection vulnerability that originates from allowing an attacker to run arbitrary SQL commands via the carId parameter...

CVE-2024-30974

SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter...

CVE-2023-48903

Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...

CVE-2023-48903

Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...

CVE-2023-48901

A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...

CVE-2023-48901

A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...

CVE-2023-48901

A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...

Autoexpress 安全漏洞

AutoExpress is a car dealership application for car dealers and car buyers by Raymart DG Individual Developer. A security vulnerability exists in Autoexpress version 1.3.0, which stems from the presence of a SQL injection vulnerability that could allow an unauthenticated, remote attacker to execu...

CVE-2023-48901

A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...

CVE-2023-48901

A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...

AutoExpress 安全漏洞

AutoExpress is a car dealership application for car dealers and car buyers by Raymart DG Individual Developer. A security vulnerability exists in Autoexpress version 1.3.0, which stems from the presence of a stored cross-site scripting XSS vulnerability that could allow an unauthenticated, remote...

CVE-2023-48902

The CVE-2023-48902 entry concerns tramyardg autoexpress 1.3.0, where an authentication bypass in uploadCarImages.php allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload images. The issue is supported by multiple sources: NVD/NVDB entries de...

PT-2024-13658 · Unknown · Tramyardg Autoexpress

Name of the Vulnerable Software and Affected Versions: tramyardg autoexpress version 1.3.0 Description: An issue in tramyardg autoexpress allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in the...