Skip to main content

Car Rental Script CVE-2023-40754

HIGH
Incorrect Permission Assignment for Critical Resource (CWE-732)
2023-08-28 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Aug 28, 2023 - 13:15 nvd
HIGH 8.8

DescriptionNVD

In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.

AnalysisAI

In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. Affected products include: Phpjabbers Car Rental Script.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.

CVE-2017-17637 CRITICAL POC
9.8 Dec 13

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. Rated critical severity (CVSS 9.8), th

CVE-2017-17906 CRITICAL POC
9.8 Dec 27

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. Rated critical sever

CVE-2017-17905 HIGH POC
8.8 Dec 27

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. Rated high severity (CVSS 8.8), this vulnerabili

CVE-2023-48835 HIGH POC
8.8 Dec 07

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Rated high severity (CVSS

CVE-2023-48834 HIGH POC
7.5 Dec 07

A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. Rated high

CVE-2017-17907 MEDIUM POC
6.1 Dec 27

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php webs

CVE-2023-40764 CRITICAL
9.8 Aug 28

User enumeration is found in PHP Jabbers Car Rental Script v3.0. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2023-48837 MEDIUM POC
5.4 Dec 07

Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Rated med

CVE-2023-48836 MEDIUM POC
5.4 Dec 07

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_ke

CVE-2018-15182 MEDIUM POC
5.4 Aug 09

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. Rated medium severity (CVSS 5.4)

CVE-2018-6904 MEDIUM POC
5.4 Apr 12

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. Rated medium severit

Share

CVE-2023-40754 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy