RSS   Vulnerabilities for 'Official car rental system'   RSS

2020-04-06
 
CVE-2020-11545

CWE-89
 

 
Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt.

 
 
CVE-2020-11544

CWE-434
 

 
An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files.

 

 >>> Vendor: Projectworlds 13 Products
Hospital management system in php
Official car rental system
House rental and property listing project
Car rental project
House rental
Visitor management system in php
Online examination system
Online matrimonial project
Online book store project in php
Travel management system
Online shopping system in php
Online-shopping-webvsite-in-php
Online movie ticket booking system


Copyright 2024, cxsecurity.com

 

Back to Top