PT-2024-13658 · Unknown · Tramyardg Autoexpress
Published 2024-03-21 · Updated 2024-08-08
CVE-2023-48902
CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
tramyardg autoexpress version 1.3.0
Description
An issue in tramyardg autoexpress allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in the "uploadCarImages.php" file.
Recommendations
For tramyardg autoexpress version 1.3.0, ensure strict user authentication to prevent unauthorized access, and review the system for potential patches as soon as possible. As a temporary workaround, consider restricting access to the "uploadCarImages.php" file until a patch is available.
Exploit
Fix
Improper Privilege Management
Affected Products
Tramyardg Autoexpress