CVE-2017-1000474 – Vehicle Sales Management System - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-1000474
Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts, resulting in the exposure of user's login credentials, SQL injection and a stored XSS vulnerability, which leads to remote code execution.

Vehicle Sales Management System suffers from cross-site scripting, shell upload, and remote SQL injection vulnerabilities.

• https://www.exploit-db.com/exploits/44318
• http://singsip.wixsite.com/singsip/vuln
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')