CVE-2023-48901 Information

Description

A SQL injection vulnerability in tramyardg Autoexpress version 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the parameter \id\ within the getPhotosByCarId function call in details.php.

Reference

https://packetstormsecurity.com/files/177660/Tramyardg-Autoexpress-1.3.0-SQL-Injection.html