CVE-2022-44279
https://notcve.org/view.php?id=CVE-2022-44279
Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. Garage Management System v1.0 es vulnerable a Cross Site Scripting (XSS) a través de /garage/php_action/createBrand.php. • https://github.com/Onetpaer/bug_report/blob/main/vendors/mayuri_k/garage-management-system/xss1.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-41551
https://notcve.org/view.php?id=CVE-2022-41551
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/editorder.php. Se descubrió que Garage Management System v1.0 contenía una vulnerabilidad de inyección SQL a través del parámetro id en /garage/editorder.php. • https://github.com/Happyd99/bug_report/blob/main/vendors/mayuri_k/garage-management-system/SQLi-1.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-41358 – Garage Management System 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2022-41358
A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the categoriesName parameter in createCategories.php. Una vulnerabilidad de tipo cross-site scripting (XSS) almacenado en Garage Management System versión v1.0, permite a atacantes ejecutar scripts web o HTML arbitrarios por medio de una carga útil diseñada inyectada en el parámetro categoriesName en el archivo createCategories.php Garage Management System version 1.0 suffers from a persistent cross site scripting vulnerability. • https://github.com/thecasual/CVE-2022-41358 http://packetstormsecurity.com/files/168718/Garage-Management-System-1.0-Cross-Site-Scripting.html https://cxsecurity.com/issue/WLB-2022100037 https://vulmon.com/vulnerabilitydetails?qid=CVE-2022-41358 https://www.samwallace.dev/research/Stored%20XSS%20in%20GMS%201.0 https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-38877
https://notcve.org/view.php?id=CVE-2022-38877
Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id=1. Garage Management System versión v1.0, es vulnerable a una ejecución de código arbitrario por medio del archivo ip/garage/php_action/editProductImage.php?id=1 • https://github.com/MagicWHat/bug_report/blob/main/vendors/mayuri_k/garage-management-system/RCE-1.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-36668
https://notcve.org/view.php?id=CVE-2022-36668
Garage Management System 1.0 is vulnerable to Stored Cross Site Scripting (XSS) on several parameters. The vulnerabilities exist during creating or editing the parts under parameters. Using the XSS payload, the Stored XSS triggered and can be used for further attack vector. Garage Management Systems versión 1.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) Almacenado en varios parámetros. Las vulnerabilidades se presentan durante la creación o edición de las partes bajo parámetros. • https://github.com/saitamang/POC-DUMP/blob/main/Garage%20Management%20System/README.md https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •