CVE-2021-46076
https://notcve.org/view.php?id=CVE-2021-46076
Sourcecodester Vehicle Service Management System 1.0 is vulnerable to file upload. An attacker can upload a malicious PHP file to multiple endpoints, leading to code execution. • https://github.com/plsanu/CVE-2021-46076 https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-File-upload-Leads-to-Code-Execution https://www.plsanu.com/vehicle-service-management-system-multiple-file-upload-leads-to-code-execution • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2021-46080
https://notcve.org/view.php?id=CVE-2021-46080
A Cross-Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. A successful CSRF attack leads to a stored cross-site scripting (XSS) vulnerability. • https://github.com/plsanu/CVE-2021-46080 https://github.com/plsanu/Vehicle-Service-Management-System-Multiple-Cross-Site-Request-Forgery-CSRF-Leads-to-XSS https://www.plsanu.com/vehicle-service-management-system-multiple-cross-site-request-forgery-csrf-leads-to-stored-cross-site-scripting-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-41962
https://notcve.org/view.php?id=CVE-2021-41962
A cross-site scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service. • https://github.com/lohyt/-CVE-2021-41962 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-1000474 – Vehicle Sales Management System - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2017-1000474
Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts, resulting in the exposure of the user's login credentials, SQL injection and a stored XSS vulnerability, which leads to remote code execution. Vehicle Sales Management System suffers from cross-site scripting, shell upload, and remote SQL injection vulnerabilities. • https://www.exploit-db.com/exploits/44318 http://singsip.wixsite.com/singsip/vuln • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')