CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36637
https://notcve.org/view.php?id=CVE-2022-36637
Garage Management System v1.0 was discovered to contain a persistent cross-site scripting (XSS) vulnerability via the brand_name parameter at /brand.php. Se ha detectado que Garage Management System versión v1.0, contiene una vulnerabilidad persistente de tipo cross-site scripting (XSS) por medio del parámetro brand_name en /brand.php • https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0 https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.htm • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36636
https://notcve.org/view.php?id=CVE-2022-36636
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php. Se ha detectado que Garage Management System versión v1.0, contiene una vulnerabilidad de inyección SQL por medio del parámetro id en el archivo /print.php • https://senzee.net/index.php/2022/07/21/vulnerability-of-garage-management-system-1-0 https://www.sourcecodester.com/php/15485/garage-management-system-using-phpmysql-source-code.htm • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2022-36582
https://notcve.org/view.php?id=CVE-2022-36582
An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP file. Una vulnerabilidad de carga de archivos arbitraria en el componente /php_action/createProduct.php de Garage Management System versión v1.0, permite a atacantes ejecutar código arbitrario por medio de un archivo PHP diseñado • https://github.com/zerrr0/Zerrr0_Vulnerability/blob/main/Garage-Management-System/Arbitrary-File-Upload-Vulnerability.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-37184
https://notcve.org/view.php?id=CVE-2022-37184
The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. The already authenticated malicious user, can upload a dangerous RCE or LCE exploit file. La aplicación manage_website.php en Garage Management System versión 1.0, es vulnerable a una Carga de Archivos Shell. El usuario malicioso ya autenticado, puede subir un archivo de explotación peligroso RCE o LCE • https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/mayuri_k/2022/Garage-Management-System-1.0-SFU • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-2579 – SourceCodester Garage Management System createUser.php cross site scripting
https://notcve.org/view.php?id=CVE-2022-2579
A vulnerability, which was classified as problematic, was found in SourceCodester Garage Management System 1.0. Affected is an unknown function of the file /php_action/createUser.php. The manipulation of the argument userName with the input lala<img src="" onerror=alert(1)> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ch0ing/vul/blob/main/WebRay.com.cn/Garage%20Management%20System%28XSS%29.md https://vuldb.com/?id.205302 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •