CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-48245

Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 64.3%

CVSS Severity

CVSS v3 Score 7.2

References

http://vehicle.com
https://github.com/ShadowByte1/CVE-2024-48245

Products affected by CVE-2024-48245

Janobe » Vehicle Management System » Version: 1.0

cpe:2.3:a:janobe:vehicle_management_system:1.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-48245

Products

Pricing

Contact Us