39 matches found
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/ajax.php?action=login. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32022...
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/viewcar.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32025 info:...
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /admin/managebooking.php?id=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32026...
Car Rental Management System 1.0 - SQL Injection
Car Rental Management System 1.0 contains an SQL injection vulnerability via /booking.php?carid=. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected site. id: CVE-2022-32024 info:...
CVE-2025-15432
A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController. The manipulation of the argument path...
CVE-2025-15432 yeqifu carRental com.yeqifu.sys.controller.FileController downloadShowFile.action downloadShowFile path traversal
A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController. The manipulation of the argument path...
CVE-2025-15432
The CVE-2025-15432 issue affects yeqifu carRental, specifically the function downloadShowFile in /file/downloadShowFile.action of the com.yeqifu.sys.controller.FileController. The root cause is path traversal caused by manipulation of the path argument, allowing remote exploitation. Several sourc...
PT-2026-1054
Name of the Vulnerable Software and Affected Versions: yeqifu carRental (affected versions not specified). Description: A path traversal issue exists due to the manipulation of the path argument within the downloadShowFile function located in /file/downloadShowFile.action of the...
EUVD-2025-25466
Malicious code in bioql PyPI...
EUVD-2025-4913
Malicious code in bioql PyPI...
CVE-2025-9650
CVE-2025-9650 affects yeqifu carRental; the path traversal flaw is in AppFileUtils.removeFileByPath (taking carimg) and is remotely exploitable with a disclosed exploit. Connected sources corroborate the vulnerability in versions up to 3fabb7eae93d209426638863980301d6f99866b3. Practical impact in...
carRental Path Traversal Vulnerability
carRental is a car rental software from carRental, Inc. A path traversal vulnerability exists in carRental, which originates from a path traversal caused by a misbehavior of the function removeFileByPath in the parameter carimg in the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java...
CVE-2025-9310
A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRentalwar/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack ma...
CVE-2025-9310 yeqifu carRental Druid login.html hard-coded credentials
A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRentalwar/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack ma...
CVE-2025-9310
The CVE-2025-9310 entry concerns yeqifu carRental (Druid component) with vulnerability in an unknown function of the file /carRental_war/druid/login.html. The issue can lead to hard-coded credentials and is exploitable remotely; the exploit has been publicly disclosed. There are no version detail...