Tramyardg Autoexpress vulnerabilities
4 known vulnerabilities affecting tramyardg/autoexpress.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown
CRITICAL: 2, HIGH: 1, MEDIUM: 1
Vulnerabilities
CVE-2023-48902 | P2 | CRITICAL | CVSS 9.8 | CWE-269 | v1.3.0 | 2024-03-21
An issue was discovered in tramyardg autoexpress version 1.3.0 that allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.
nvd
CVE-2023-48901 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.3.0 | 2024-03-21
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php.
nvd
CVE-2024-30974 | P3 | HIGH | CVSS 7.3 | CWE-89 | v1.3.0 | 2024-04-19
A SQL injection vulnerability in autoexpress v1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter.
nvd
CVE-2023-48903 | P4 | MEDIUM | CVSS 6.1 | CWE-79 | v1.3.0 | 2024-03-21
A stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0 allows remote unauthenticated attackers to inject arbitrary web script or HTML within the parameter "imgType" via uploadCarImages.php.
nvd