← Back

Tramyardg

tramyardg

4 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Autoexpress
autoexpress
4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2024-30974
1Tramyardg
1Autoexpress
Sep 23, 2025
Apr 19, 2024
N/A· v4
7.3 HIGH· v3
N/A· v2
SQL Injection vulnerability in autoexpress v.1.3.0 allows attackers to run arbitrary SQL commands via the carId parameter.
CVE-2023-48903
1Tramyardg
1Autoexpress
May 19, 2025
Mar 21, 2024
N/A· v4
6.1 MEDIUM· v3
N/A· v2
Stored Cross-Site Scripting (XSS) vulnerability in tramyardg autoexpress 1.3.0, allows remote unauthenticated attackers to inject arbitrary web script or HTML within parameter "imgType" via in uploadCarImages.php.
CVE-2023-48902
1Tramyardg
1Autoexpress
May 19, 2025
Mar 21, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadC...Show more
An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.Show less
CVE-2023-48901
1Tramyardg
1Autoexpress
May 19, 2025
Mar 21, 2024
N/A· v4
9.8 CRITICAL· v3
N/A· v2
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details....Show more
A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0, allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter "id" within the getPhotosByCarId function call in details.php.Show less