Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2020-5509 β€” Unrestricted File Upload in CAR Rental Portal

CWE-434 β€” Unrestricted File Upload4 documents4 sources
Severity
7.2HIGHNVD
EPSS
5.6%
top 9.70%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Phpgurukul CAR Rental Portal
Timeline
PublishedJan 14
Latest updateApr 16

Description

PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages1 packages

πŸ”΄Vulnerability Details

2
GHSA
GHSA-ggrv-vvpv-gm4h: PHPGurukul Car Rental Project v1β†—2022-05-24
β–Ά
CVEList
CVE-2020-5509: PHPGurukul Car Rental Project v1β†—2020-01-14
β–Ά

πŸ’₯Exploits & PoCs

1
Exploit-DB
Car Rental Project 1.0 - Remote Code Execution↗2025-04-16
β–Ά
CVE-2020-5509 β€” Unrestricted File Upload | cvebase