In Toll Tax Management System 1.0, the id parameter appears to be vulnerable to SQL injection attacks.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 |
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| toll_tax_management_system_project | toll_tax_management_system | 1.0 |
Toll-tax-management-system v1.0 is vulnerable to Cross Site Scripting (XSS) via /ttms/classes/Master.php?f=save_recipient, vehicle_name.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 5.4 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | 2.3 | 2.7 |
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| toll_tax_management_system_project | toll_tax_management_system | 1.0 |
Cross Site Scripting (XSS) vulnerability in sourcecodester Toll Tax Management System 1.0 allows remote attackers to run arbitrary code via the First Name and Last Name fields on the My Account page.
Products Affected
| Vendor | Product | Version |
|---|---|---|
| toll_tax_management_system_project | toll_tax_management_system | 1.0 |
Sourcecodester Toll Tax Management System v1 is vulnerable to SQL Injection.
CVSS 3.x
| Source | Score | Severity | Vector | Exploitability | Impact |
|---|---|---|---|---|---|
| nvd@nist.gov | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H | 1.2 | 5.9 |
Products Affected
| Vendor | Product | Version |
|---|---|---|
| toll_tax_management_system_project | toll_tax_management_system | 1.0 |