Tramyardg Autoexpress version 1.3.0 suffers from a persistent cross site scripting vulnerability.
e5d38e6f27165a96b83eb9ff1357086d82ad45bbc6a91a8b4f1d9aa5f2e996a5
Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles.
a6b19ec46406ffd95a91f57125dc469d0979113c3d6a82b162a1b682d2ed2eca
Tramyardg Autoexpress version 1.3.0 suffers from a remote SQL injection vulnerability.
b6a01bb6956141a3ae4c607cc789894c67a647629befb99a934046f4a4a462f1