42 matches found
EUVD-2022-38972
Malicious code in bioql PyPI...
EUVD-2022-31977
Malicious code in bioql PyPI...
EUVD-2022-50804
Malicious code in bioql PyPI...
CVE-2023-48903
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via uploadCarImages.php...
CVE-2022-48090
Tramyardg hotel-mgmt-system version 2022.4 is vulnerable to SQL Injection via /app/dao/CustomerDAO.php...
CVE-2022-36254
Multiple persistent cross-site scripting (XSS) vulnerabilities in index.php in tramyardg Hotel Management System 1.0 allow remote attackers to inject arbitrary web script or HTML via multiple parameters such as "fullname"...
CVE-2022-27475
Cross-site scripting (XSS) vulnerability in tramyardg hotel-mgmt-system allows attackers to execute arbitrary code when /admin.php is loaded...
CVE-2023-48903
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via uploadCarImages.php...
CVE-2023-48901
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
CVE-2023-48903
CVE-2023-48903 affects tramyardg Autoexpress 1.3.0. The stored XSS occurs in the uploadCarImages.php flow, where user-supplied input in the imgType (also reported as imageType[]) parameter can be injected to execute arbitrary script/HTML. The vulnerability is demonstrated in public writeups and P...
CVE-2023-48902
An issue was discovered in tramyardg autoexpress version 1.3.0 that allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php...
CVE-2023-48901
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
CVE-2023-48901
CVE-2023-48901 affects tramyardg Autoexpress v1.3.0. A SQL injection vulnerability exists in the details.php flow, where the getPhotosByCarId function uses the parameter id, enabling remote unauthenticated attackers to execute arbitrary SQL commands. The exploitation details and PoC are reference...
CVE-2023-48903
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via uploadCarImages.php...
PT-2024-13658 · Unknown · Tramyardg Autoexpress
Name of the Vulnerable Software and Affected Versions: tramyardg autoexpress version 1.3.0 Description: An issue in tramyardg autoexpress allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in the...
CVE-2023-48901
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
PT-2024-13657 · Unknown · Tramyardg Autoexpress
Name of the Vulnerable Software and Affected Versions: tramyardg Autoexpress version 1.3.0 Description: A SQL injection issue allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter id within the getPhotosByCarId function call in details.php. Recommendations: F...
PT-2024-13659 · Unknown · Tramyardg Autoexpress
Name of the Vulnerable Software and Affected Versions: tramyardg autoexpress version 1.3.0 Description: The issue allows remote unauthenticated attackers to inject arbitrary web script or HTML within the imgType parameter via the "uploadCarImages.php" endpoint. This enables attackers to perform a...
CVE-2023-48902
The CVE-2023-48902 entry concerns tramyardg autoexpress 1.3.0, where an authentication bypass in uploadCarImages.php allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload images. The issue is supported by multiple sources: NVD/NVDB entries de...