exploitDog

GHSA-7444-32c7-cjv4

Опубликовано: 21 мар. 2024

Источник: github

Github: Не прошло ревью

CVSS3: 9.8

Описание

A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php.

A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php.

Ссылки

EPSS

Процентиль: 72%

0.00705

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89

Связанные уязвимости

CVE-2023-48901

CVSS3: 9.8

nvd

почти 2 года назад

A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php.

EPSS

Процентиль: 72%

0.00705

Низкий

9.8 Critical

CVSS3

CVE ID

Дефекты

CWE-89