Simple Car Rental System
CVE-2025-60306
CRITICAL
Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations.
AnalysisAI
Privilege escalation in code-projects Simple Car Rental System 1.0 lets an authenticated low-privilege user forge a high-privilege (administrator) session and invoke sensitive operations reserved for privileged accounts. The flaw is a broken access-control / authentication-bypass issue (CWE-284) with a publicly available exploit, though it is not listed in CISA KEV and carries a low EPSS probability (0.38%, 30th percentile), indicating limited real-world exploitation to date. Any user able to authenticate at a basic level can effectively take over administrative functionality.
More in Simple Car Rental System
View allA vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Rated medium severity (C
A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Rated medium severity (C
A vulnerability was found in code-projects Simple Car Rental System 1.0. Rated medium severity (CVSS 6.9), this vulnerab
A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. Rated medium severi
Cross-site request forgery in Simple Car Rental System 1.0 allows remote attackers to perform unauthorized actions on be
Stored cross-site scripting (XSS) in Simple Car Rental System 1.0 allows authenticated administrators to inject maliciou
A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today