CVE-2024-10702 – code-projects Simple Car Rental System signup.php sql injection
https://notcve.org/view.php?id=CVE-2024-10702
A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/imTedCao/cve/issues/1 https://vuldb.com/?ctiid.282870 https://vuldb.com/?id.282870 https://vuldb.com/?submit.435233 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-3369 – code-projects Car Rental add-vehicle.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-3369
A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Affected by this issue is some unknown functionality of the file add-vehicle.php. The manipulation of the argument Upload Image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1wLMnGzcbyCoZ_Wp-bHpLD49MZ9-XHPUK/view?usp=drive_link https://vuldb.com/?ctiid.259490 https://vuldb.com/?id.259490 https://vuldb.com/?submit.311147 • CWE-434: Unrestricted Upload of File with Dangerous Type •