CVE-2024-3369
code-projects Car Rental add-vehicle.php unrestricted upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Affected by this issue is some unknown functionality of the file add-vehicle.php. The manipulation of the argument Upload Image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259490 is the identifier assigned to this vulnerability.
Una vulnerabilidad clasificada como crítica fue encontrada en code-projects Car Rental 1.0. Una función desconocida del archivo add-vehicle.php es afectada por esta vulnerabilidad. La manipulación del argumento Cargar imagen conduce a una carga sin restricciones. El ataque puede lanzarse de forma remota. El exploit ha sido divulgado al público y puede utilizarse. VDB-259490 es el identificador asignado a esta vulnerabilidad.
Eine kritische Schwachstelle wurde in code-projects Car Rental 1.0 entdeckt. Davon betroffen ist unbekannter Code der Datei add-vehicle.php. Dank der Manipulation des Arguments Upload Image mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.
CVSS Scores
SSVC
- Decision:Track
Timeline
- 2024-04-05 CVE Reserved
- 2024-04-06 CVE Published
- 2024-04-07 EPSS Updated
- 2024-08-01 CVE Updated
- 2024-08-01 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| https://vuldb.com/?id.259490 | Technical Description | |
| https://vuldb.com/?submit.311147 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| https://drive.google.com/file/d/1wLMnGzcbyCoZ_Wp-bHpLD49MZ9-XHPUK/view?usp=drive_link | 2024-08-01 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Code-projects Search vendor "Code-projects" | Car Rental Search vendor "Code-projects" for product "Car Rental" | 1.0 Search vendor "Code-projects" for product "Car Rental" and version "1.0" | en |
Affected
| ||||||