cvedb.io
CVE-2024-48245
HIGH · CVSS 7.2
EPSS exploitation probability: 0%
Published 2025-01-07T16:15:34.730 · Last modified 2026-06-17T07:58:21.020

Summary

Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.

Affected products

janobe — vehicle_management_system

Does this affect you?

Add your gear to cvedb and we'll alert you only when janobe ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.