CVE-2020-5509

HIGH

PHPGurukul Car Rental Project v1.0 - RCE

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-5509. PoCs published by ub3rsick.

AI-analyzed exploit summary This Python script automates the exploitation of CVE-2020-5509, an arbitrary file upload vulnerability in Car Rental Project 1.0. It authenticates as an admin, uploads a PHP backdoor, and provides a remote command execution interface.

Description

PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.

Exploits (1)

exploitdb WORKING POC

by ub3rsick · pythonwebappsphp

https://www.exploit-db.com/exploits/52243

View Code ZIP pw:eip

This Python script automates the exploitation of CVE-2020-5509, an arbitrary file upload vulnerability in Car Rental Project 1.0. It authenticates as an admin, uploads a PHP backdoor, and provides a remote command execution interface.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: Car Rental Project 1.0

Auth required

Prerequisites: Admin credentials · Network access to the target

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1505.003 - Web Shell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/155925/Car-Rental-Project-1.0-Remote-Code-Execution.html

Scores

CVSS v3 7.2

EPSS 0.1403

EPSS Percentile 94.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-434

Status published

Products (1)

phpgurukul/car_rental_portal 1.0

Published Jan 14, 2020

Tracked Since Feb 18, 2026