CVE-2022-28000 – Car Rental System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2022-28000
Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter. Car Rental System version 1.0 suffers from a remote SQL injection vulnerability.
• http://packetstormsecurity.com/files/166657/Car-Rental-System-1.0-SQL-Injection.html
• https://github.com/D4rkP0w4r/CVEs/blob/main/Car%20Rental%20System%20SQLI/POC.md
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-15535 – Car Rental System <= 1.3 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-15535
An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields.
• https://packetstormsecurity.com/files/157118/WordPress-Car-Rental-System-1.3-Cross-Site-Scripting.html
• https://wpvulndb.com/vulnerabilities/10172
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')