RSS   Vulnerabilities for
'Automotive shop management system'
   RSS

2022-05-26
 
CVE-2022-30493

CWE-89
 

 
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation).

 
 
CVE-2022-30494

CWE-79
 

 
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.

 
2022-05-24
 
CVE-2022-30458

CWE-79
 

 
Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name.

 
 
CVE-2022-30463

CWE-89
 

 
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.

 


Copyright 2022, cxsecurity.com

 

Back to Top