32 matches found
CVE-2024-30974
SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter...
CVE-2023-48903
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML via the "imgType" parameter in uploadCarImages.php...
CVE-2024-30974
SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter...
CVE-2024-30974
SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter...
CVE-2024-30974
Summary: CVE-2024-30974 affects autoexpress v1.3.0 and is described as a SQL Injection via the carId parameter, enabling attackers to execute arbitrary SQL commands. The primary sources (NVD/Red Hat/CVE listings) consistently state this vulnerability originates from unsafely handling the carId in...
CVE-2024-30974
SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter...
AutoExpress SQL Injection Vulnerability
AutoExpress is a car dealership application for car dealers and car buyers by Raymart DG Individual Developers. AutoExpress version v.1.3.0 suffers from a SQL injection vulnerability that originates from allowing an attacker to run arbitrary SQL commands via the carId parameter...
PT-2024-23698 · Unknown · Autoexpress
Name of the Vulnerable Software and Affected Versions: autoexpress version 1.3.0 Description: The issue allows attackers to run arbitrary SQL commands via the carId parameter, potentially leading to unauthorized data access or modification. Recommendations: For autoexpress version 1.3.0, avoid...
CVE-2024-30974
SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter...
CVE-2023-48903
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML via the "imgType" parameter in uploadCarImages.php...
CVE-2023-48903
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML via the "imgType" parameter in uploadCarImages.php...
CVE-2023-48901
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
CVE-2023-48901
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
CVE-2023-48901
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
AutoExpress Security Vulnerability
AutoExpress is a car dealership application for car dealers and car buyers by Raymart DG Individual Developer. A security vulnerability exists in Autoexpress version 1.3.0, which stems from the presence of a stored cross-site scripting (XSS) vulnerability that could allow an unauthenticated, remote...
Autoexpress Security Vulnerability
AutoExpress is a car dealership application for car dealers and car buyers by Raymart DG Individual Developer. A security vulnerability exists in Autoexpress version 1.3.0 that originates from allowing an unauthenticated, remote attacker to escalate privileges, update car data, delete vehicles, a...
CVE-2023-48903
CVE-2023-48903 affects tramyardg Autoexpress 1.3.0. The stored XSS occurs in the uploadCarImages.php flow, where user-supplied input in the imgType (also reported as imageType[]) parameter can be injected to execute arbitrary script/HTML. The vulnerability is demonstrated in public writeups and P...
CVE-2023-48902
An issue discovered in tramyardg autoexpress version 1.3.0 allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php...
CVE-2023-48901
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
CVE-2023-48901
CVE-2023-48901 affects tramyardg Autoexpress v1.3.0. A SQL injection vulnerability exists in the details.php flow, where the getPhotosByCarId function uses the parameter id, enabling remote unauthenticated attackers to execute arbitrary SQL commands. The exploitation details and PoC are reference...