Tramyardg Autoexpress 1.3.0 Authentication Bypass
Posted on 19 March 2024
Tramyardg Autoexpress version 1.3.0 allows for authentication bypass via unauthenticated API access to admin functionality. This could allow a remote anonymous attacker to delete or update vehicles as well as upload images for vehicles.