CVE-2020-29227
CRITICAL | EXPLOITED IN THE WILD | NUCLEI
Car Rental Management System 1.0 - Code Injection
Title source: llm
Exploitation Summary
CVE-2020-29227 has been observed exploited in the wild (reported by VulnCheck KEV, InTheWild.io). A Nuclei detection template is also available.
Description
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
Nuclei Templates (1)
Car Rental Management System 1.0 - Local File Inclusion
CRITICAL
by daffainfo
Shodan:
http.html:"car rental management system"
FOFA:
body="car rental management system"
References (2)
Core References
Product, Third Party Advisory x_refsource_misc
https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html
Exploit, Third Party Advisory x_refsource_misc
https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5
Scores
CVSS v3
9.8
EPSS
0.1682
EPSS Percentile
96.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
VulnCheck KEV
2021-04-12
InTheWild.io
2021-04-12
Status
published
Products (1)
car_rental_management_system_project/car_rental_management_system
1.0
Published
Dec 14, 2020
Tracked Since
Feb 18, 2026