CVE-2017-1000474

moderate-risk

Published 2018-01-24

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing.

Do I need to act?

2.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

1 public exploit available

44318

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 9.8/10 Critical

NETWORK / LOW complexity

Affected Products (1)

Vehicle Sales Management System

Affected Vendors

Vehicle Sales Management System Project

References (4)

Third Party Advisory http://singsip.wixsite.com/singsip/vuln

https://www.exploit-db.com/exploits/44318/

Third Party Advisory http://singsip.wixsite.com/singsip/vuln

https://www.exploit-db.com/exploits/44318/

/ 100

moderate-risk

Severity 32/34 · Critical

Exploitability 6/34 · Minimal

Exposure 5/34 · Minimal