GCVE - cpe:2.3:a:janobe:vehicle_management

Approved changes feed: RSS · Atom

cpe:2.3:a:janobe:vehicle_management_system:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor	Janobe (`958e97e2-37fb-58eb-baa2-792f3e424acf`)
Product	Vehicle Management System (`5b38364d-4c06-5bd3-8c92-1e16b68b6595`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-2377`	vulnerable	2026-06-03 15:00:25.362938	SourceCodester Vehicle Management System confirmbooking.php cross site scripting LOW (3.5) A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /confirmbooking.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names. Published: 2025-03-17T12:31:04.713Z Updated: 2025-03-17T15:52:26.866Z Open on db.gcve.eu Reference links https://vuldb.com/?id.299876 https://vuldb.com/?ctiid.299876 https://vuldb.com/?submit.515797 https://github.com/Keyand/Multi-Restaurant-Table-Reservation-System-Search/blob/main/Vehicle%20Management%20System%20confirmbooking.php%20has%20Cross-site%20Scripting%20(XSS).pdf https://www.sourcecodester.com/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-48246`	vulnerable	2026-06-03 14:57:02.964255	Details available Vehicle Management System 1.0 contains a Stored Cross-Site Scripting (XSS) vulnerability in the "Name" parameter of /vehicle-management/booking.php. Published: 2025-03-05T00:00:00.000Z Updated: 2025-03-06T14:23:01.488Z Open on db.gcve.eu Reference links https://github.com/ShadowByte1/CVE-2024-48246	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-48245`	vulnerable	2026-06-03 14:57:02.963875	Details available Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php. Published: 2025-01-07T00:00:00.000Z Updated: 2025-01-07T20:01:18.286Z Open on db.gcve.eu Reference links http://vehicle.com https://github.com/ShadowByte1/CVE-2024-48245	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

janobe Vehicle Management System 1.0

PURL mappings

Vulnerability references

Contribute