Описание
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.
Ссылки
- Not Applicable
- MitigationThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:janobe:vehicle_management_system:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02847
Низкий
7.2 High
CVSS3
Дефекты
CWE-89
Связанные уязвимости
CVSS3: 7.2
github
около 1 года назад
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.
EPSS
Процентиль: 86%
0.02847
Низкий
7.2 High
CVSS3
Дефекты
CWE-89