Car Rental Script Security Vulnerabilities - 2023
In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.
8.8CVSS
8.7AI Score
0.002EPSS
User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.
9.8CVSS
9.3AI Score
0.002EPSS
A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion.
7.5CVSS
7.4AI Score
0.001EPSS
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.
8.8CVSS
8.6AI Score
0.001EPSS
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter.
5.4CVSS
5.2AI Score
0.0004EPSS
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.
5.4CVSS
5.7AI Score
0.0004EPSS