Skip to main content

Car Rental Script CVE-2023-48835

HIGH
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (CWE-74)
2023-12-07 cve@mitre.org
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 07, 2023 - 07:15 nvd
HIGH 8.8

DescriptionNVD

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.

AnalysisAI

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-74. Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Affected products include: Phpjabbers Car Rental Script.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-17637 CRITICAL POC
9.8 Dec 13

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. Rated critical severity (CVSS 9.8), th

CVE-2017-17906 CRITICAL POC
9.8 Dec 27

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. Rated critical sever

CVE-2017-17905 HIGH POC
8.8 Dec 27

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. Rated high severity (CVSS 8.8), this vulnerabili

CVE-2023-48834 HIGH POC
7.5 Dec 07

A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. Rated high

CVE-2017-17907 MEDIUM POC
6.1 Dec 27

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php webs

CVE-2023-40764 CRITICAL
9.8 Aug 28

User enumeration is found in PHP Jabbers Car Rental Script v3.0. Rated critical severity (CVSS 9.8), this vulnerability

CVE-2023-48837 MEDIUM POC
5.4 Dec 07

Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Rated med

CVE-2023-48836 MEDIUM POC
5.4 Dec 07

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_ke

CVE-2018-15182 MEDIUM POC
5.4 Aug 09

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. Rated medium severity (CVSS 5.4)

CVE-2018-6904 MEDIUM POC
5.4 Apr 12

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. Rated medium severit

CVE-2023-40754 HIGH
8.8 Aug 28

In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile

Share

CVE-2023-48835 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy