Product:

Automotive_shop_management_system

(Automotive_shop_management_system_project)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 18
Date Id Summary Products Score Patch Annotated
2022-11-18 CVE-2022-44820 Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=. Automotive_shop_management_system 7.2
2022-11-17 CVE-2022-44402 Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction. Automotive_shop_management_system 7.2
2022-11-17 CVE-2022-44403 Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=. Automotive_shop_management_system 7.2
2022-05-26 CVE-2022-30495 In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation) Automotive_shop_management_system 9.8
2022-05-26 CVE-2022-30493 In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation). Automotive_shop_management_system 9.8
2022-05-26 CVE-2022-30494 In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs. Automotive_shop_management_system 5.4
2022-05-24 CVE-2022-30458 Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name. Automotive_shop_management_system 5.4
2022-05-24 CVE-2022-30463 Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product. Automotive_shop_management_system 8.8