Vulnerabilities > Automotive Shop Management System Project > Automotive Shop Management System

DATE CVE VULNERABILITY TITLE RISK
2022-11-18 CVE-2022-44379 SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service.
7.2
2022-11-17 CVE-2022-44402 SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction.
7.2
2022-11-17 CVE-2022-44403 SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=.
7.2
2022-05-26 CVE-2022-30493 SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation).
network
low complexity
automotive-shop-management-system-project CWE-89
critical
10.0
2022-05-26 CVE-2022-30494 Cross-site Scripting vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.
3.5
2022-05-26 CVE-2022-30495 Authorization Bypass Through User-Controlled Key vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)
7.5
2022-05-24 CVE-2022-30458 Cross-site Scripting vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0
Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name.
3.5
2022-05-24 CVE-2022-30463 SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.
6.5