Car Rental Script
Monthly
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
User enumeration is found in PHP Jabbers Car Rental Script v3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
User enumeration is found in PHP Jabbers Car Rental Script v3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.