Autoexpress Security Vulnerabilities and Issues — Autoexpress CVE List

Lucene search

TramyardgAutoexpress

4 matches found

CVE•added 2024/04/19 9:15 p.m.•45 views

CVE-2024-30974

SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter.

7.3CVSS8.2AI score0.00037EPSS

CVE•added 2024/03/21 4:15 a.m.•44 views

CVE-2023-48903

Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php.

6.1CVSS5.6AI score0.00137EPSS

CVE•added 2024/03/21 4:15 a.m.•42 views

CVE-2023-48902

An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.

9.8CVSS7.6AI score0.00153EPSS

CVE•added 2024/03/21 4:15 a.m.•40 views

CVE-2023-48901

A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php.

9.8CVSS8.8AI score0.0052EPSS