4 matches found
CVE-2023-48903
CVE-2023-48903 affects tramyardg Autoexpress 1.3.0. The stored XSS occurs in the uploadCarImages.php flow, where user-supplied input in the imgType (also reported as imageType[]) parameter can be injected to execute arbitrary script/HTML. The vulnerability is demonstrated in public writeups and P...
CVE-2024-30974
Summary: CVE-2024-30974 affects autoexpress v1.3.0 and is described as a SQL Injection via the carId parameter, enabling attackers to execute arbitrary SQL commands. The primary sources (NVD/Red Hat/CVE listings) consistently state this vulnerability originates from unsafely handling the carId in...
CVE-2023-48902
The CVE-2023-48902 entry concerns tramyardg autoexpress 1.3.0, where an authentication bypass in uploadCarImages.php allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload images. The issue is supported by multiple sources: NVD/NVDB entries de...
CVE-2023-48901
CVE-2023-48901 affects tramyardg Autoexpress v1.3.0. A SQL injection vulnerability exists in the details.php flow, where the getPhotosByCarId function uses the parameter id, enabling remote unauthenticated attackers to execute arbitrary SQL commands. The exploitation details and PoC are reference...