Autoexpress

autoexpress

Vendor: Tramyardg • 4 CVEs

CVEs (4)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-30974 1Tramyardg 1Autoexpress Sep 23, 2025 Apr 19, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter.
CVE-2023-48903 1Tramyardg 1Autoexpress May 19, 2025 Mar 21, 2024 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php.
CVE-2023-48902 1Tramyardg 1Autoexpress May 19, 2025 Mar 21, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadC...Show more An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.Show less
CVE-2023-48901 1Tramyardg 1Autoexpress May 19, 2025 Mar 21, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details....Show more A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php.Show less