Vulnerabilities > Automotive Shop Management System Project > Automotive Shop Management System > Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2022-05-26	CVE-2022-30495	Authorization Bypass Through User-Controlled Key vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation) network low complexity automotive-shop-management-system-project CWE-639 critical	9.8
2022-05-26	CVE-2022-30493	SQL Injection vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation). network low complexity automotive-shop-management-system-project CWE-89 critical	9.8

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.