CVE-2023-48902

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2023-48902

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48902.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-48902

Published

2024-03-21T04:15:09.013Z

Modified

2026-03-14T12:22:52.941841Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.

References

https://packetstormsecurity.com/files/177661/Tramyardg-Autoexpress-1.3.0-Authentication-Bypass.html

Affected packages

Git / github.com/tramyardg/autoexpress

Affected ranges

Type

GIT

Repo

https://github.com/tramyardg/autoexpress

Events

Introduced

Last affected

5720984b6a8c84d512377322ccaaa3b0ad3749eb

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "1.3.0-alpha"
        }
    ]
}

Affected versions

v1.*

v1.0-alpha

v1.0.0-alpha

v1.1.0-alpha

v1.2.0-alpha

v1.3.0-alpha

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-48902.json"