CVE-2017-1000474

CRITICAL

Soyket Chowdhury Vehicle Sales Management System 2017-07-30 - RCE

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-1000474. PoCs published by Sing.

AI-analyzed exploit summary: The exploit demonstrates multiple vulnerabilities in VSMS PHP, including arbitrary file upload leading to RCE, SQL injection, stored XSS, and information leakage. It provides clear PoC commands for each vulnerability.

Description

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL injections in the login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts, resulting in the exposure of user login credentials, SQL injection and stored XSS vulnerabilities, which lead to remote code execution.

Exploits (1)

exploitdb WORKING POC
by Sing · text · webapps · php
https://www.exploit-db.com/exploits/44318

Classification
Working PoC: 95%
Attack Type: RCE | SQLi | XSS | Info Leak
Complexity: Trivial
Reliability: Reliable
Target: VSMS PHP v07/2017 (possibly v1.2)
Auth required
Prerequisites: Valid session cookie (PHPSESSID) · Network access to target · Ability to upload files
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/44318/
Third Party Advisory x_refsource_misc
http://singsip.wixsite.com/singsip/vuln

Scores

CVSS v3 9.8
EPSS 0.0217
EPSS Percentile 79.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE CWE-89
Status published
Products (1)
vehicle_sales_management_system_project/vehicle_sales_management_system 2017-07-30
Published Jan 24, 2018
Tracked Since Feb 18, 2026