
CVE-2024-57487
https://notcve.org/view.php?id=CVE-2024-57487
13 Jan 2025 — In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types, allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server. • https://github.com/aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2024-57488
https://notcve.org/view.php?id=CVE-2024-57488
13 Jan 2025 — Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php. • https://code-projects.org/online-car-rental-using-php-source-code • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2024-12998 – code-projects Online Car Rental System GET Parameter index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12998
28 Dec 2024 — A vulnerability, which was classified as problematic, was found in code-projects Online Car Rental System 1.0. This affects an unknown part of the file /index.php of the component GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') • CWE-94: Improper Control of Generation of Code ('Code Injection')