Garage Management System
CVE-2022-36161
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter.
AnalysisAI
Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as SQL Injection (CWE-89), which allows attackers to execute arbitrary SQL commands against the database. Orange Station 1.0 was discovered to contain a SQL injection vulnerability via the username parameter. Affected products include: Garage Management System Project Garage Management System.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use parameterized queries/prepared statements. Never concatenate user input into SQL. Apply least-privilege database permissions.
More in Garage Management System
View allA vulnerability, which was classified as critical, has been found in SourceCodester Garage Management System 1.0.php. Ra
Garage Management System 1.0 is vulnerable to the Remote Code Execution (RCE) due to the lack of filtering from the file
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /print.php
The application manage_website.php on Garage Management System 1.0 is vulnerable to Shell File Upload. Rated high severi
A vulnerability classified as critical was found in SourceCodester Garage Management System 1.0. Rated high severity (CV
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/ed
Garage Management System v1.0 is vulnerable to Arbitrary code execution via ip/garage/php_action/editProductImage.php?id
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/ed
Garage Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /garage/ed
An arbitrary file upload vulnerability in the component /php_action/createProduct.php of Garage Management System v1.0 a
Garage Management System v1.0 is vulnerable to Cross Site Scripting (XSS) via /garage/php_action/createBrand.php. Rated
A stored cross-site scripting (XSS) vulnerability in Garage Management System v1.0 allows attackers to execute arbitrary
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today