CVE-2024-48245

HIGH

Vehicle Management System 1.0 - SQL Injection via Booking ID, Action Name, or Payment Confirmation ID

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-48245. PoCs published by ShadowByte1.

AI-analyzed exploit summary: This repository contains a detailed writeup describing an SQL Injection vulnerability (CVE-2024-48245) in Vehicle Management System versions 1.0 to 1.3. It outlines affected parameters, endpoints, and potential impacts but does not include exploit code.

Description

Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php.

Exploits (1)

nomisec WRITEUP 1 stars
by ShadowByte1 · poc
https://github.com/ShadowByte1/CVE-2024-48245

Classification: Writeup 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Vehicle Management System 1.0 - 1.3
Auth required
Prerequisites: Access to vulnerable endpoints · Low-authenticated guest or admin credentials
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
http://vehicle.com (Not Applicable)
https://github.com/ShadowByte1/CVE-2024-48245 (Mitigation, Third Party Advisory)

Scores

CVSS v3 7.2
EPSS 0.0102
EPSS Percentile 58.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-89
Status published
Products (1)
janobe/vehicle_management_system 1.0
Published Jan 07, 2025
Tracked Since Feb 18, 2026