CVE

CVE-2023-48902

Date: (C)2024-03-21   (M)2024-03-22

An issue was discovered in tramyardg autoexpress version 1.3.0, allows unauthenticated remote attackers to escalate privileges, update car data, delete vehicles, and upload car images via authentication bypass in uploadCarImages.php.

Reference:

https://packetstormsecurity.com/files/177661/Tramyardg-Autoexpress-1.3.0-Authentication-Bypass.html