Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing.
References
Link | Resource |
---|---|
http://singsip.wixsite.com/singsip/vuln | Third Party Advisory |
https://www.exploit-db.com/exploits/44318/ | |
http://singsip.wixsite.com/singsip/vuln | Third Party Advisory |
https://www.exploit-db.com/exploits/44318/ |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:04
Type | Values Removed | Values Added |
---|---|---|
References | () http://singsip.wixsite.com/singsip/vuln - Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/44318/ - |
Information
Published : 2018-01-24 22:29
Updated : 2024-11-21 03:04
NVD link : CVE-2017-1000474
Mitre link : CVE-2017-1000474
CVE.ORG link : CVE-2017-1000474
JSON object : View
Products Affected
vehicle_sales_management_system_project
- vehicle_sales_management_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')