CVE-2017-1000474 Information

Description

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts, resulting in the exposure of users' login credentials, SQL injection, and a stored XSS vulnerability, which leads to remote code execution.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://singsip.wixsite.com/singsip/vuln

https://www.exploit-db.com/exploits/44318/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

9.8

Base Severity

HIGH
