CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12998 – code-projects Online Car Rental System GET Parameter index.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12998
28 Dec 2024 — A vulnerability, which was classified as problematic, was found in code-projects Online Car Rental System 1.0. This affects an unknown part of the file /index.php of the component GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-28062
https://notcve.org/view.php?id=CVE-2022-28062
04 Apr 2022 — Car Rental System v1.0 contains an arbitrary file upload vulnerability via the Add Car component which allows attackers to upload a webshell and execute arbitrary code. Car Rental System versión v1.0, contiene una vulnerabilidad de carga de archivos arbitraria por medio del componente Add Car que permite a atacantes cargar un webshell y ejecutar código arbitrario • https://github.com/D4rkP0w4r/CVEs/blob/main/Car%20Rental%20System%20Upload%20%2B%20RCE/POC.md • CWE-434: Unrestricted Upload of File with Dangerous Type •