CVE-2017-1000474

Name of the Vulnerable Software and Affected Versions Soyket Chowdhury Vehicle Sales Management System version 2017-07-30

Description The issue affects multiple scripts, including login/vehicle.php, login/profile.php, login/Actions.php, login/manage employee.php, and login/sell.php, allowing for SQL Injection and Stored XSS. This can lead to the exposure of user login credentials and potentially enable remote code execution.

Recommendations For Soyket Chowdhury Vehicle Sales Management System version 2017-07-30, consider disabling the affected scripts until a patch is available. Restrict access to the login directory to minimize the risk of exploitation. Avoid using sensitive user input in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.