CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-3204 – CodeAstro Car Rental System returncar.php sql injection
https://notcve.org/view.php?id=CVE-2025-3204
04 Apr 2025 — A vulnerability, which was classified as critical, has been found in CodeAstro Car Rental System 1.0. Affected by this issue is some unknown functionality of the file /returncar.php. The manipulation of the argument ID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12981 – CodeAstro Car Rental System bookingconfirm.php sql injection
https://notcve.org/view.php?id=CVE-2024-12981
27 Dec 2024 — A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to sql injection. The attack can be launched remotely. • https://codeastro.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 3CVE-2022-28000 – Car Rental System 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2022-28000
08 Apr 2022 — Car Rental System v1.0 was discovered to contain a SQL injection vulnerability at /Car_Rental/booking.php via the id parameter. Se ha detectado que Car Rental System versión v1.0, contiene una vulnerabilidad de inyección SQL en el archivo /Car_Rental/booking.php por medio del parámetro id Car Rental System version 1.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/166657 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-15535 – Car Rental System <= 1.3 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-15535
05 Apr 2020 — An issue was discovered in the bestsoftinc Car Rental System plugin through 1.3 for WordPress. Persistent XSS can occur via any of the registration fields. Se detectó un problema en el plugin Bestsoftinc Car Rental System versiones hasta 1.3 para WordPress. Un ataque de tipo XSS persistente puede producirse por medio de cualquiera de los campos de registro • https://packetstormsecurity.com/files/157118/WordPress-Car-Rental-System-1.3-Cross-Site-Scripting.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •