yusakie Flower-fertilizer

[CVE ID]
CVE-2023-27667
[PRODUCT]
Auto Dealer Management System - v 1.0
[VERSION]
Auto Dealer Management System - v 1.0
[PROBLEM TYPE]
SQL Injection
[DESCRIPTION]
SQL injection in the "id" parameter of the page view_car_type.php. The application URL is /view_car_type.php?id=?

[CVE ID]
CVE-2023-27666
[PRODUCT]
Auto Dealer Management System - v 1.0
[VERSION]
Auto Dealer Management System - v 1.0
[PROBLEM TYPE]
Cross Site Scripting (XSS)
[DESCRIPTION]
The XSS vulnerability exists in the "name" parameter of /adms/classes/SystemSettings.php?f=update_settings.