Automotive Shop Management System Project: >> Automotive Shop Management System >> 1.0 Security Vulnerabilities
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-18
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-17
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=.
CVSS Score
7.2
EPSS Score
0.001
Published
2022-11-17
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation).
CVSS Score
9.8
EPSS Score
0.02
Published
2022-05-26
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.
CVSS Score
5.4
EPSS Score
0.001
Published
2022-05-26
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)
CVSS Score
9.8
EPSS Score
0.004
Published
2022-05-26
Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name.
CVSS Score
5.4
EPSS Score
0.003
Published
2022-05-24
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.
CVSS Score
8.8
EPSS Score
0.003
Published
2022-05-24
Page 2