Code-Projects Online Car Rental System vulnerabilities

CVE-2024-57488 [MEDIUM] CWE-79 CVE-2024-57488: Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehic Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php.

CVE-2024-57487 [MEDIUM] CWE-94 CVE-2024-57487: In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extens In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server.

CVE-2024-12998 [MEDIUM] CWE-79 CVE-2024-12998: A vulnerability, which was classified as problematic, was found in code-projects Online Car Rental S A vulnerability, which was classified as problematic, was found in code-projects Online Car Rental System 1.0. This affects an unknown part of the file /index.php of the component GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may