14 matches found
CVE-2023-48903
Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...
CVE-2023-48903
Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...
CVE-2023-48903
Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...
CVE-2023-48901
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
CVE-2023-48902
The CVE-2023-48902 entry concerns tramyardg autoexpress 1.3.0, where an authentication bypass in uploadCarImages.php allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload images. The issue is supported by multiple sources: NVD/NVDB entries de...
CVE-2023-48901
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
PT-2024-13659 · Unknown · Tramyardg Autoexpress
Name of the Vulnerable Software and Affected Versions: tramyardg autoexpress version 1.3.0 Description: The issue allows remote unauthenticated attackers to inject arbitrary web script or HTML within the imgType parameter via the "uploadCarImages.php" endpoint. This enables attackers to perform a...
PT-2024-13657 · Unknown · Tramyardg Autoexpress
Name of the Vulnerable Software and Affected Versions: tramyardg Autoexpress version 1.3.0 Description: A SQL injection issue allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter id within the getPhotosByCarId function call in details.php. Recommendations: F...
CVE-2023-48902
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php...
CVE-2023-48903
Stored Cross-Site Scripting XSS vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php...
PT-2024-13658 · Unknown · Tramyardg Autoexpress
Name of the Vulnerable Software and Affected Versions: tramyardg autoexpress version 1.3.0 Description: An issue in tramyardg autoexpress allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in the...
CVE-2023-48901
CVE-2023-48901 affects tramyardg Autoexpress v1.3.0. A SQL injection vulnerability exists in the details.php flow, where the getPhotosByCarId function uses the parameter id, enabling remote unauthenticated attackers to execute arbitrary SQL commands. The exploitation details and PoC are reference...
CVE-2023-48901
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php...
Tramyardg Autoexpress 1.3.0 SQL Injection Vulnerability
Exploit Title: tramyardg autoexpress - SQL Injection Exploit Author: Scott White Vendor Homepage: https://github.com/tramyardg/autoexpress Version: v1.3.0 Tested on: Ubuntu 22.04.3 LTS + Apache/2.4.52 CVE : CVE-2023-48901 References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48901...