aaryan-11-x

CVE-2024-57488 GITHUB MEDIUM WRITEUP

Code-Projects Online Car Rental System 1.0 - Cross-Site Scripting via vehicalorcview Parameter

Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php.

CVSS 6.5

View Code

CVE-2024-57487 NOMISEC MEDIUM WRITEUP

Car Rental System 1.0 File Upload RCE (Authenticated)

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server.

CVSS 6.5

View Code