Car Rental Management System Project: >> Car Rental Management System >> 1.0 Security Vulnerabilities
Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter.
CVSS Score
5.4
EPSS Score
0.046
Published
2022-01-18
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
CVSS Score
9.8
EPSS Score
0.887
Published
2020-12-14
An SQL injection vulnerability was discovered in Car Rental Management System v1.0 can be exploited via the id parameter in view_car.php or the car_id parameter in booking.php.
CVSS Score
9.8
EPSS Score
0.024
Published
2020-12-02
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).
CVSS Score
9.8
EPSS Score
0.077
Published
2020-10-28
A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login.
CVSS Score
6.1
EPSS Score
0.013
Published
2020-10-06
Page 2