CVE-2024-48245 Information

Description

Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions such as booking a vehicle or confirming a booking. The affected parameters include \Booking ID\ \Action Name\ and \Payment Confirmation ID\ which are present in /newvehicle.php and /newdriver.php.

Reference

http://vehicle.com https://github.com/ShadowByte1/CVE-2024-48245