Simple Car Rental System
Stored cross-site scripting (XSS) in Simple Car Rental System 1.0 allows an authenticated administrator to inject script through the car_name parameter of /admin/add_vehicles.php; the payload is saved with the vehicle record and executes in the browser of any user who later views the vehicle listing. Because planting the payload requires admin-level privileges and a victim must open the affected page (user interaction, UI:P in CVSS 4.0 terms), the real-world impact is limited even though the endpoint is reachable over the network. Public exploit code exists, but the EPSS exploitation probability is only 0.05%, consistent with the realistic scenario being a malicious or already-compromised administrator account targeting itself or other administrators rather than an external attacker. The low score does not remove the need to encode car_name on output; it reflects that an attacker must first hold an admin session.
Cross-site request forgery (CSRF) in Simple Car Rental System 1.0 lets a remote attacker perform state-changing actions on behalf of a logged-in user by luring that user to an attacker-controlled page that submits a crafted request to the application. No authentication is needed to mount the attack, but it only succeeds while the victim holds a valid session and the browser attaches the session cookie to the forged request. Public exploit code exists, yet the EPSS score is 0.08% (24th percentile), indicating minimal observed exploitation.
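As an added example written for this page (not code from Simple Car Rental System or its author), the handler below shows the pattern behind both findings above and the corresponding fixes: the raw echo that turns a stored car_name into executable markup next to output encoding with htmlspecialchars, and a per-session token plus a SameSite session cookie that stop forged cross-site POSTs to the add-vehicle form. The field name car_name and the path /admin/add_vehicles.php are taken from the advisory; the SQLite file used as a stand-in for the application's database, the table name vehicles, the session key csrf_token and the helper names are assumptions. It needs PHP 7.3 or later.

```php
<?php
// Added example for this page, NOT code from Simple Car Rental System. The field
// name car_name and the endpoint /admin/add_vehicles.php come from the advisory;
// everything else (session key, SQLite stand-in for the app's database, table
// and helper names) is assumed. The real handler would sit behind the admin login.
declare(strict_types=1);

// Defence in depth for CSRF: browsers do not attach a SameSite=Lax cookie to a
// cross-site POST, so a forged form submission arrives without a session.
// The token check below remains the primary control.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

// Stand-in for the application's database so this file runs on its own.
$pdo = new PDO('sqlite:' . sys_get_temp_dir() . '/vehicles_demo.sqlite');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE IF NOT EXISTS vehicles (id INTEGER PRIMARY KEY, car_name TEXT NOT NULL)');

// CSRF: one unguessable token per session, embedded in the form and compared
// in constant time on every state-changing request.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

function csrf_check($submitted): void {
    // hash_equals rejects a missing or non-string token and is timing-safe.
    if (!is_string($submitted) || !hash_equals(csrf_token(), $submitted)) {
        http_response_code(403);
        exit('invalid or missing CSRF token');
    }
}

// XSS: HTML-encode every stored value at the point it is written into the page.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    csrf_check($_POST['csrf_token'] ?? null);

    $raw = $_POST['car_name'] ?? '';
    $carName = is_string($raw) ? trim($raw) : '';
    if ($carName === '' || mb_strlen($carName) > 100) {
        http_response_code(400);
        exit('car_name must be 1-100 characters');
    }
    // Storing the raw string is fine; the stored XSS comes from echoing it
    // unencoded when the listing is rendered.
    $stmt = $pdo->prepare('INSERT INTO vehicles (car_name) VALUES (:name)');
    $stmt->execute([':name' => $carName]);
}

$rows = $pdo->query('SELECT car_name FROM vehicles ORDER BY id')->fetchAll(PDO::FETCH_ASSOC);

// Vulnerable pattern for comparison (what the listing page must NOT do):
//   echo '<td>' . $row['car_name'] . '</td>';
// A car_name of "<script>alert(1)</script>" stored by an admin would then run in
// the browser of every user who opens the listing. With h() it renders as text.
?>
<table>
<?php foreach ($rows as $row): ?>
  <tr><td><?= h($row['car_name']) ?></td></tr>
<?php endforeach; ?>
</table>

<form method="post" action="/admin/add_vehicles.php">
  <input type="hidden" name="csrf_token" value="<?= h(csrf_token()) ?>">
  <input name="car_name" maxlength="100" required>
  <button type="submit">Add vehicle</button>
</form>
```

Save it as add_vehicles.php and serve it with `php -S 127.0.0.1:8080 add_vehicles.php`; submitting `<script>alert(1)</script>` as the car name shows the string literally in the table, and replaying the POST from another origin or without the hidden field is refused with 403. The SameSite cookie alone is not sufficient (same-site subdomains and older browsers bypass it), which is why the token check is kept as the primary defence.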
A vulnerability described by its advisory as critical has been found in code-projects Simple Plugins Car Rental Management 1.0. Its CVSS base score of 5.3 corresponds to medium severity, so the two ratings should not be read as equivalent; the vector indicates remote exploitability with low attack complexity. Public exploit code is available and no vendor patch has been released.