Car Rental Script Project Car Rental Script vulnerabilities
8 known vulnerabilities affecting car_rental_script_project/car_rental_script.
Total CVEs
8
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2MEDIUM4
Vulnerabilities
Page 1 of 1
CVE-2017-17637P3CRITICALCVSS 9.8PoCv2.0.42017-12-13
CVE-2017-17637 [CRITICAL] CWE-89 CVE-2017-17637: Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.
nvd
CVE-2017-17906P3CRITICALCVSS 9.8v2.0.82017-12-27
CVE-2017-17906 [CRITICAL] CWE-89 CVE-2017-17906: PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.
nvd
CVE-2018-20647P3MEDIUMCVSS 6.5v2.0.82019-03-21
CVE-2018-20647 [MEDIUM] CWE-22 CVE-2018-20647: PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing
PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.
nvd
CVE-2017-17905P4HIGHCVSS 8.8v2.0.82017-12-27
CVE-2017-17905 [HIGH] CWE-352 CVE-2017-17905: PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.
nvd
CVE-2018-20648P4HIGHCVSS 8.8v2.0.82019-03-21
CVE-2018-20648 [HIGH] CWE-352 CVE-2018-20648: PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.
PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.
nvd
CVE-2017-17907P4MEDIUMCVSS 6.1v2.0.82017-12-27
CVE-2017-17907 [MEDIUM] CWE-79 CVE-2017-17907: PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/s
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.
nvd
CVE-2018-15182P4MEDIUMCVSS 5.4v2.0.82018-08-09
CVE-2018-15182 [MEDIUM] CWE-79 CVE-2018-15182: PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields.
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields.
nvd
CVE-2018-6904P4MEDIUMCVSS 5.4v2.0.82018-04-12
CVE-2018-6904 [MEDIUM] CWE-79 CVE-2018-6904: PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action.
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action.
nvd