CVE-2021-46078 Exploit Title: Vehicle Service Management System – ‘Multiple’ File upload Leads to Stored Cross-Site ScriptingExploit Author: P.L.SanuCVE: CVE-2021-46078CVSS: 4.8 MEDIUMReferences:https://www.plsanu.com/vehicle-service-management-system-multiple-file-upload-leads-to-stored-cross-site-scriptinghttps://nvd.nist.gov/vuln/detail/CVE-2021-46078https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46078 Description:An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious...

CVE-2021-46076 Exploit Title: Vehicle Service Management System – ‘Multiple’ File upload Leads to Code ExecutionExploit Author: P.L.SanuCVE: CVE-2021-46076CVSS: 8.8 HIGHReferences:https://www.plsanu.com/vehicle-service-management-system-multiple-file-upload-leads-to-code-executionhttps://nvd.nist.gov/vuln/detail/CVE-2021-46076https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46076 Description:Sourcecodester Vehicle Service Management System 1.0 is vulnerable to File upload. An attacker can upload a malicious php file in...

CVE-2021-46075 Exploit Title: Vehicle Service Management System – ‘Multiple’ Privilege Escalation Leads to CRUD OperationsExploit Author: P.L.SanuCVE: CVE-2021-46075CVSS: 7.2 HIGHReferences:https://www.plsanu.com/vehicle-service-management-system-multiple-privilege-escalation-leads-to-crud-operationshttps://nvd.nist.gov/vuln/detail/CVE-2021-46075https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46075 Description:A Privilege Escalation vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. Staff account users can access the admin resources...

CVE-2021-46074 Exploit Title: Vehicle Service Management System – ‘Settings’ Stored Cross Site Scripting (XSS)Exploit Author: P.L.SanuCVE: CVE-2021-46074CVSS: 4.8 MEDIUMReferences:https://www.plsanu.com/vehicle-service-management-system-settings-stored-cross-site-scripting-xsshttps://nvd.nist.gov/vuln/detail/CVE-2021-46074https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-46074 Description:A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login...