Automotive Shop Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /asms/classes/Master.php?f=save_product, name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_product.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H | 2.8 | 5.9 |
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
In oretnom23 Automotive Shop Management System v1.0, the product id parameter suffers from a blind SQL Injection Vulnerability allowing remote attackers to dump all database credential and gain admin access(privilege escalation).
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
In oretnom23 Automotive Shop Management System v1.0, the first and last name user fields suffer from a stored XSS Injection Vulnerability allowing remote attackers to gain admin access and view internal IPs.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation)
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-639,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 is vulnerable to Delete any file via /asms/classes/Master.php?f=delete_img.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 is vulnerable to SQL via /asms/classes/Master.php?f=delete_mechanic.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_service.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/classes/Master.php?f=delete_transaction.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=user/manage_user&id=.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/manage_mechanic.php?id=.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/services/manage_service.php?id=.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/mechanics/view_mechanic.php?id=.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 is vulnerable to SQL Injection via /asms/admin/?page=transactions/manage_transaction&id=.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /services/view_service.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/products/view_product.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /asms/admin/products/manage_product.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |
Automotive Shop Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /admin/transactions/update_status.php.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| automotive_shop_management_system_project | automotive_shop_management_system | 1.0 |