SQL Injection Vulnerability in Vehicle Management System 1.0 - 1.3
Vehicle Management System 1.0 is vulnerable to SQL Injection. Low-privileged guest users as well as administrative accounts can exploit vulnerable POST parameters in several endpoints to execute arbitrary SQL commands. This can lead to unauthorized database access, data retrieval, or privilege escalation.
Affected POST parameters:
Booking ID
Action Name
Payment Confirmation ID
Affected endpoints:
/vehicle-management/newvehicle.php
/vehicle-management/newdriver.php
Type: SQL Injection
Vendor: Vehicle Management System
Affected Version: 1.0
Guest User: Exploits can be performed via the Booking Action Name parameter during vehicle booking.
Admin User: Additional affected components accessible through the admin interface.
Exploiting this vulnerability allows attackers to:
Bypass authentication or access sensitive information.
Manipulate or delete database records.
Escalate privileges and execute unauthorized administrative actions.
Remediation:
Validate and sanitize all user input, especially POST parameters.
Use parameterized queries or prepared statements to prevent SQL Injection.
Restrict access to sensitive endpoints and enforce strong authentication measu
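The remediation above, shown as working code. This is an added example and is not code from Vehicle Management System; the table, column and parameter names (bookings, action_name, :name) are assumptions chosen for illustration, and an in-memory SQLite database stands in for the application's own database. It places the string-concatenation pattern the advisory describes beside its prepared-statement fix, and adds an allow-list check for the numeric Booking ID so that non-numeric input never reaches a query at all.

```php
<?php
// Added example, not code from Vehicle Management System. Schema and column
// names are assumptions for illustration only.

// In-memory SQLite stands in for the application's real database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE bookings (id INTEGER PRIMARY KEY, action_name TEXT, payment_confirmation_id TEXT)");
$pdo->exec("INSERT INTO bookings VALUES (1, 'Airport Transfer', 'PC-1001'), (2, 'City Tour', 'PC-1002')");

// Vulnerable pattern: the POST value is concatenated straight into the SQL text,
// so any quote or operator in the value becomes part of the statement.
function findBookingUnsafe(PDO $pdo, string $actionName): array {
    $sql = "SELECT id FROM bookings WHERE action_name = '" . $actionName . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: the value travels as a bound parameter and is never parsed as SQL.
function findBookingSafe(PDO $pdo, string $actionName): array {
    $stmt = $pdo->prepare("SELECT id FROM bookings WHERE action_name = :name");
    $stmt->execute([':name' => $actionName]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Numeric identifiers such as Booking ID get an allow-list check before any query:
// anything that is not a short run of digits is rejected outright.
function bookingIdOrNull(string $raw): ?int {
    return preg_match('/^\d{1,10}$/', $raw) === 1 ? (int)$raw : null;
}

// Constructed input containing a single quote. It is ordinary data, yet it breaks the
// concatenated query; a SQL error on such input is the classic sign of an injectable parameter.
$input = "O'Connor Tour";

try {
    findBookingUnsafe($pdo, $input);
    echo "unsafe: query accepted\n";
} catch (PDOException $e) {
    echo "unsafe: SQL error, the quote reached the parser: " . $e->getMessage() . "\n";
}

var_dump(findBookingSafe($pdo, $input));       // empty array: the quote is treated as data
var_dump(findBookingSafe($pdo, 'City Tour'));  // one row, id 2
var_dump(bookingIdOrNull("12"));               // int(12)
var_dump(bookingIdOrNull("12 OR 1=1"));        // NULL: rejected before reaching SQL
```

Run it with the PHP CLI (pdo_sqlite is bundled with most builds). The same PDO calls apply unchanged to the MySQL driver; the point is that user input reaches the database only through bound parameters or after passing a strict allow-list check, never through string concatenation.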