Simple Car Rental System
Monthly
A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7476 is a critical SQL injection vulnerability in code-projects Simple Car Rental System 1.0 affecting the /admin/approve.php endpoint's ID parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, elevating real-world risk despite the CVSS 7.3 score suggesting moderate impact.
CVE-2025-7475 is a critical SQL injection vulnerability in code-projects Simple Car Rental System version 1.0, located in the /pay.php file where the 'mpesa' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of database records. The vulnerability has been publicly disclosed with proof-of-concept availability, indicating active exploitation risk in real-world deployments.
A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability, which was classified as critical, has been found in code-projects Simple Car Rental System 1.0. This issue affects some unknown processing of the file /admin/add_cars.php. The manipulation of the argument image leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVE-2025-7476 is a critical SQL injection vulnerability in code-projects Simple Car Rental System 1.0 affecting the /admin/approve.php endpoint's ID parameter. An unauthenticated remote attacker can exploit this to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion. The vulnerability has been publicly disclosed with exploit code available, elevating real-world risk despite the CVSS 7.3 score suggesting moderate impact.
CVE-2025-7475 is a critical SQL injection vulnerability in code-projects Simple Car Rental System version 1.0, located in the /pay.php file where the 'mpesa' parameter is insufficiently sanitized. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary SQL queries, potentially leading to unauthorized data access, modification, or deletion of database records. The vulnerability has been publicly disclosed with proof-of-concept availability, indicating active exploitation risk in real-world deployments.
A vulnerability, which was classified as critical, has been found in code-projects Simple Plugins Car Rental Management 1.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.