CVE-2024-11632 – code-projects Simple Car Rental System book_car.php sql injection
https://notcve.org/view.php?id=CVE-2024-11632
A vulnerability was found in code-projects Simple Car Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file /book_car.php. The manipulation of the argument fname/id_no/gender/email/phone/location leads to sql injection. It is possible to launch the attack remotely. • https://code-projects.org https://github.com/sil3n/cve/issues/2 https://vuldb.com/?ctiid.285918 https://vuldb.com/?id.285918 https://vuldb.com/?submit.446308 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-10702 – code-projects Simple Car Rental System signup.php sql injection
https://notcve.org/view.php?id=CVE-2024-10702
A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org https://github.com/imTedCao/cve/issues/1 https://vuldb.com/?ctiid.282870 https://vuldb.com/?id.282870 https://vuldb.com/?submit.435233 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •