4 results (0.004 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/w0r1dtr33/cve/issues/1 https://vuldb.com/?ctiid.286345 https://vuldb.com/?id.286345 https://vuldb.com/?submit.452084 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in code-projects Simple Car Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file /book_car.php. The manipulation of the argument fname/id_no/gender/email/phone/location leads to sql injection. It is possible to launch the attack remotely. • https://code-projects.org https://github.com/sil3n/cve/issues/2 https://vuldb.com/?ctiid.285918 https://vuldb.com/?id.285918 https://vuldb.com/?submit.446308 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/imTedCao/cve/issues/1 https://vuldb.com/?ctiid.282870 https://vuldb.com/?id.282870 https://vuldb.com/?submit.435233 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Affected by this issue is some unknown functionality of the file add-vehicle.php. The manipulation of the argument Upload Image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1wLMnGzcbyCoZ_Wp-bHpLD49MZ9-XHPUK/view?usp=drive_link https://vuldb.com/?ctiid.259490 https://vuldb.com/?id.259490 https://vuldb.com/?submit.311147 • CWE-434: Unrestricted Upload of File with Dangerous Type •