Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Car Rental Management System Security Vulnerabilities - 2020

cve
cve

CVE-2020-23832

A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login.

6.1CVSS

6AI Score

0.005EPSS

2020-10-06 01:15 PM
23
cve
cve

CVE-2020-27956

An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).

9.8CVSS

9.6AI Score

0.054EPSS

2020-10-28 03:15 AM
42
cve
cve

CVE-2020-29227

An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.

9.8CVSS

9.1AI Score

0.012EPSS

2020-12-14 02:15 PM
30
4
cve
cve

CVE-2020-29287

An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.

9.8CVSS

9.8AI Score

0.117EPSS

2020-12-02 10:15 PM
57