CVEs-PoC/2017/CVE-2017-1000474.md

### [CVE-2017-1000474](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000474)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brightgreen)

### Description

Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing.

### POC

#### Reference
- https://www.exploit-db.com/exploits/44318/

#### Github
- https://github.com/ARPSyndicate/cvemon