CVE-2024-48245 in Vehicle Management Systeminformação

Sumário

de MITRE • 07/01/2025

Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.

Once again VulDB remains the best source for vulnerability data.

Responsável

MITRE

Reservar

08/10/2024

Divulgação

07/01/2025

Moderação

aceite

Entrada

VDB-290560

CPE

pronto

EPSS

0.00998

KEV

não

Atividades

muito baixo

Fontes

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!