Car Rental Project Security Vulnerabilities
9.8CVSS
9.6AI Score
0.003EPSS
7.2CVSS
7.3AI Score
0.011EPSS
7.2CVSS
7.3AI Score
0.011EPSS
7.2CVSS
7.3AI Score
0.011EPSS
7.2CVSS
7.3AI Score
0.011EPSS
7.2CVSS
7.3AI Score
0.012EPSS
9.8CVSS
9.6AI Score
0.003EPSS
7.2CVSS
7.3AI Score
0.001EPSS
7.2CVSS
7.3AI Score
0.001EPSS
An arbitrary file upload vulnerability in the New Entry module of Car Rental Management System v1.0 allows attackers to execute arbitrary code via a crafted PHP...
7.2CVSS
7.2AI Score
0.001EPSS
Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id...
8.8CVSS
8.9AI Score
0.002EPSS
Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary...
8.8CVSS
8.8AI Score
0.001EPSS
Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview...
5.4CVSS
5.2AI Score
0.001EPSS
PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in...
9.8CVSS
9.4AI Score
0.056EPSS
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code...
9.8CVSS
9.1AI Score
0.012EPSS
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in...
9.8CVSS
9.8AI Score
0.07EPSS
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web...
9.8CVSS
9.6AI Score
0.054EPSS
A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin...
6.1CVSS
6AI Score
0.004EPSS
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code...
9.8CVSS
9.6AI Score
0.045EPSS
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions...
7.2CVSS
7.1AI Score
0.001EPSS
Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login...
9.8CVSS
9.8AI Score
0.002EPSS
PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile...
7.2CVSS
7.3AI Score
0.01EPSS
PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via...
8.8CVSS
8.8AI Score
0.001EPSS
PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/...
6.5CVSS
6.5AI Score
0.001EPSS
5.4CVSS
5.3AI Score
0.001EPSS
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile...
5.4CVSS
5.3AI Score
0.001EPSS
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid...
9.8CVSS
9.9AI Score
0.002EPSS
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename...
6.1CVSS
6AI Score
0.001EPSS
8.8CVSS
8.7AI Score
0.001EPSS
9.8CVSS
9.9AI Score
0.002EPSS