6 matches found
CVE-2023-0913
CVE-2023-0913 affects SourceCodester Auto Dealer Management System 1.0. The vulnerability is an SQL injection in the /adms/admin/?page=vehicles/sell_vehicle endpoint triggered by manipulating the id parameter. It is exploitable remotely and has public exploits (e.g., Exploit-DB entry Auto Dealer ...
CVE-2023-27666
CVE-2023-27666 affects Auto Dealer Management System v1.0. The issue is a cross-site scripting (XSS) vulnerability in the name parameter of the API endpoint /classes/SystemSettings.php?f=update_settings, as described in multiple sources in the connected documents. The CVSS 3.1 metrics indicate a ...
CVE-2023-0916
CVE-2023-0916 affects SourceCodester Auto Dealer Management System 1.0, tied to improper access controls in the /adms/classes/Users.php functionality. The vulnerability enables remote exploitation and has public disclosure (Exploit-DB entry shows “Broken Access Control” leading to compromise of a...
CVE-2023-0912
CVE-2023-0912 affects SourceCodester Auto Dealer Management System 1.0. A SQL injection vulnerability exists in the /adms/admin/?page=vehicles/view_transaction endpoint caused by manipulating the id parameter, with remote exploitation possible. Public exploits/disclosures exist (e.g., Exploit-DB,...
CVE-2023-0915
SourceCodester Auto Dealer Management System 1.0 is affected by CVE-2023-0915, a SQL injection in the admin endpoint /adms/admin/?page=user/manage_user caused by manipulating the id parameter. The vulnerability allows remote exploitation and has publicly disclosed exploits. Several connected sour...
CVE-2023-27667
CVE-2023-27667 affects Auto Dealer Management System v1.0 via a SQL injection vulnerability. The attack surface is network-accessible and can lead to confidentiality, integrity, and availability impacts (per CVSS 3.1: 9.8, CRITICAL). Public sources indicate an attacker could exploit SQL injection...