
CVSS: 9.8 • EPSS: 5% • CPEs: 1 • EXPL: 1

An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).

• https://www.exploit-db.com/exploits/48931 • https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

A Persistent Cross-Site Scripting (XSS) vulnerability in message_admin.php in Projectworlds Car Rental Management System v1.0 allows unauthenticated remote attackers to harvest an admin login session cookie and steal an admin session upon an admin login.

• https://github.com/projectworlds32/Car-Rental-Syatem-PHP-MYSQL/archive/master.zip • https://packetstormsecurity.com/files/158795/Car-Rental-Management-System-1.0-Cross-Site-Scripting.html • https://projectworlds.in • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields.

• https://packetstormsecurity.com/files/157118/WordPress-Car-Rental-System-1.3-Cross-Site-Scripting.html • https://wpvulndb.com/vulnerabilities/10172 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')