CyberSec.Space Logo
Back to CVE Browser

CVE-2020-11544

HIGH
7.2
CVSS Severity Score
EPSS Score0.0630%
EPSS Percentile8.38th
PublishedApr 6, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files.

Affected Platforms (CPE)

📦
Projectworlds

Official Car Rental System

= 1.0

References & Advisories

🔗 https://frostylabs.net/writeups/cve-2020-11544/
🔗 https://frostylabs.net/writeups/cve-2020-11544/

Related Vulnerabilities

CVE-2020-115459.8

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and param...

CVE-2020-079610.0

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles cer...

CVE-2020-161410.0

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, wh...

CVE-2020-1207910.0

Beaker before 0.8.9 allows a sandbox escape, enabling system access and code execution. This occurs because Electron context isola...