Xionggang Zhang

**Name of the Vulnerable Software and Affected Versions** autoexpress version 1.3.0 **Description** The issue allows attackers to run arbitrary SQL commands via the `carId` parameter, potentially leading to unauthorized data access or modification. **Recommendations** For autoexpress version 1.3.0, avoid using the `carId` parameter in affected API endpoints until the issue is resolved. Consider restricting access to the database to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.