CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36637
https://notcve.org/view.php?id=CVE-2022-36637
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. Se ha detectado que Garage Management System versión v1.0, contiene una vulnerabilidad persistente de tipo cross-site scripting (XSS) por medio del parámetro brand_name en /brand.php • https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0 https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36636
https://notcve.org/view.php?id=CVE-2022-36636
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. Se ha detectado que Garage Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo /print.php • https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0 https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36582
https://notcve.org/view.php?id=CVE-2022-36582
An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Una vulnerabilidad de carga de archivos arbitraria en el componente /php_action/createProduct.php de Garage Management System versión v1.0, permite a atacantes ejecutar código arbitrario por medio de un archivo PHP diseñado • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Garage-Management-System/Arbitrary-File-Upload-Vulnerability.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37184
https://notcve.org/view.php?id=CVE-2022-37184
The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. La aplicación manage_website.php en Garage Management System versión 1.0, es vulnerable a una Carga de Archivos Shell. El usuario malicioso ya autenticado, puede subir un archivo de explotación peligroso RCE o LCE • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Garage-Management-System-1.0-SFU • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2672 – SourceCodester Garage Management System createUser.php sql injection
https://notcve.org/view.php?id=CVE-2022-2672
A vulnerability was found in SourceCodester Garage Management System. It has been classified as critical. Affected is an unknown function of the file createUser.php. The manipulation of the argument userName/uemail leads to sql injection. It is possible to launch the attack remotely. • https://vuldb.com/?id.205656 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •