Lucene search
+L
TramyardgAutoexpress

4 matches found

CVE
CVE
added 2024/03/21 12:0 a.m.61 views

CVE-2023-48903

CVE-2023-48903 affects tramyardg Autoexpress 1.3.0. The stored XSS occurs in the uploadCarImages.php flow, where user-supplied input in the imgType (also reported as imageType[]) parameter can be injected to execute arbitrary script/HTML. The vulnerability is demonstrated in public writeups and P...

6.1CVSS5.6AI score0.00571EPSS
Web
CVE
CVE
added 2024/04/19 12:0 a.m.59 views

CVE-2024-30974

Summary: CVE-2024-30974 affects autoexpress v1.3.0 and is described as a SQL Injection via the carId parameter, enabling attackers to execute arbitrary SQL commands. The primary sources (NVD/Red Hat/CVE listings) consistently state this vulnerability originates from unsafely handling the carId in...

7.3CVSS8.2AI score0.0026EPSS
CVE
CVE
added 2024/03/21 12:0 a.m.56 views

CVE-2023-48902

The CVE-2023-48902 entry concerns tramyardg autoexpress 1.3.0, where an authentication bypass in uploadCarImages.php allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload images. The issue is supported by multiple sources: NVD/NVDB entries de...

9.8CVSS7.6AI score0.01277EPSS
Web
CVE
CVE
added 2024/03/21 12:0 a.m.55 views

CVE-2023-48901

CVE-2023-48901 affects tramyardg Autoexpress v1.3.0. A SQL injection vulnerability exists in the details.php flow, where the getPhotosByCarId function uses the parameter id, enabling remote unauthenticated attackers to execute arbitrary SQL commands. The exploitation details and PoC are reference...

9.8CVSS8.8AI score0.01031EPSS
Web