Tramyardg: >> Autoexpress >> 1.3.0 Security Vulnerabilities
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-03-21
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-03-21
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php.
CVSS Score
9.8
EPSS Score
0.007
Published
2024-03-21