CVE-2020-29227
published 2020-12-14CVE-2020-29227: An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a…
PriorityP182critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITWEXPLOITVulnCheck KEV
Exploited in the wild
EPSS
16.82%
96.7th percentile
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| car_rental_management_system_project | car_rental_management_system | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Look for GET requests to /index.php with a 'page' parameter containing path traversal sequences or null bytes (e.g., ?page=/etc/passwd%00), indicating LFI exploitation attempts. ↗
- →Detect responses containing 'root:.*:0:0:' in the HTTP body, which indicates successful /etc/passwd disclosure via LFI. ↗
- →Use Shodan/FOFA queries to identify exposed Car Rental Management System instances: Shodan: http.html:"car rental management system", FOFA: body="car rental management system". ↗
- ·The LFI payload uses a null byte (%00) to truncate the filename. This technique is only effective on PHP installations where null byte injection is not mitigated (typically PHP < 5.3.4). Verify target PHP version before assuming exploitability. ↗
- ·The vulnerability is exploitable by unauthenticated users, meaning no session or credential is required to trigger the LFI. ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
vulncheck9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jmfv-2476-jhcq: An issue was discovered in Car Rental Management System 1
ghsa_unreviewed·2022-05-24
CVE-2020-29227 [CRITICAL] GHSA-jmfv-2476-jhcq: An issue was discovered in Car Rental Management System 1
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
VulnCheck
Car Rental Management System index.php Vulnerability
vulncheck·2020·CVSS 9.8
CVE-2020-29227 [CRITICAL] Car Rental Management System index.php Vulnerability
Car Rental Management System index.php Vulnerability
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
Affected: car_rental_management_system_project car_rental_management_system
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://unit42.paloaltonetworks.com/network-attack-trends-winter-2020/
No detection rules found.
Nuclei
Car Rental Management System 1.0 - Local File Inclusion
nuclei·CVSS 9.8
CVE-2020-29227 [CRITICAL] Car Rental Management System 1.0 - Local File Inclusion
Car Rental Management System 1.0 - Local File Inclusion
Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, leading to code execution.
Template:
id: CVE-2020-29227
info:
name: Car Rental Management System 1.0 - Local File Inclusion
author: daffainfo
severity: critical
description: Car Rental Management System 1.0 allows an unauthenticated user to perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, leading to code execution.
impact: |
An attacker can exploit this vulnerability to read sensitive files on the server, potentially leading to unauthorized access or information disclosure.
remediation: |
Apply the
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
CVE-2020-28188 [HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
# Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020. Several newly observed exploits, including CVE-2020-28188, CVE-2020-17519, and CVE-2020-29227, have emerged and were continuously being exploited in the wild as of late 2020 to early 2021.
This blog provides details of the newly observed exploits as well as a dive deep into the exploitation analysis, vendor analysis, attack origin, and attack category distribution.
Palo Alto Networks Next-Generation Firewall customers are protected from these attacks with the URL Filtering an
Unit42
Network Attack Trends: Internet of Threats (November 2020-January 2021)
blogs_unit42·2021-04-12·CVSS 7.5
[HIGH] Network Attack Trends: Internet of Threats (November 2020-January 2021)
Threat Research Center
Trend Reports
Vulnerabilities
## Network Attack Trends: Internet of Threats (November 2020-January 2021)
Lei Xu
Yue Guan
Vaibhav Singhal
Published: April 12, 2021
Malware
Trend Reports
Vulnerabilities
Botnet
DDoS
Exploit kit
IoT
Network security trends
## Executive Summary
Unit 42 researchers analyzed network attack trends over Winter 2020 and discovered many interesting exploits in the wild. During the period of Nov. 2020 to Jan. 2021, the majority of the attacks we observed were classified as critical (75%), compared to the 50.4% we reported in the fall of 2020 . Several newly observed exploits, including CVE-2020-28188 , CVE-2020-17519 , and CVE-2020-29227 , have emerged and were continuously being exploited in the wild as of late 2020 to earl
https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.htmlhttps://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html
2020-12-14
Published
Exploited in the wild