Back to CVE Browser

CVE-2020-24199

CRITICAL

9.8

CVSS Severity Score

EPSS Score0.0510%

EPSS Percentile11.76th

PublishedSep 9, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.

Affected Platforms (CPE)

📦

Projectworlds

Car Rental Project

= 1.0

References & Advisories

🔗 https://github.com/hyd3sec/CarRentalManagement-Unauth-RCE-WebApp

🔗 https://github.com/hyd3sec/CarRentalManagement-Unauth-RCE-WebApp/blob/master/CarRental-Unauth-RCE.py

🔗 https://projectworlds.in/free-projects/php-projects/car-rental-project-in-php-and-mysql/

🔗 https://github.com/hyd3sec/CarRentalManagement-Unauth-RCE-WebApp

🔗 https://github.com/hyd3sec/CarRentalManagement-Unauth-RCE-WebApp/blob/master/CarRental-Unauth-RCE.py

🔗 https://projectworlds.in/free-projects/php-projects/car-rental-project-in-php-and-mysql/

Related Vulnerabilities

CVE-2020-115459.8

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and param...

CVE-2021-268099.8

PHPGurukul Car Rental Project version 2.0 suffers from a remote shell upload vulnerability in changeimage1.php.

CVE-2020-55097.2

PHPGurukul Car Rental Project v1.0 allows Remote Code Execution via an executable file in an upload of a new profile image.

CVE-2020-115447.2

An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server wit...