Aaryan Golatkar

**Name of the Vulnerable Software and Affected Versions** Code-Projects Online Car Rental System version 1.0 **Description** The file upload feature in the affected system does not validate file extensions or MIME types, allowing an attacker to upload a PHP shell without restrictions and execute commands on the server. **Recommendations** For Code-Projects Online Car Rental System version 1.0, consider disabling the file upload feature until a patch is available to prevent the upload of malicious files, such as PHP shells, and restrict access to sensitive server areas to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Code-Projects Online Car Rental System version 1.0 **Description** The issue is related to Cross Site Scripting (XSS) via the `vehicalorcview` parameter in the "/admin/edit-vehicle.php" API endpoint. This flaw can be exploited by attackers to inject malicious scripts into the website. **Recommendations** For Code-Projects Online Car Rental System version 1.0, consider disabling access to the `/admin/edit-vehicle.php` endpoint until a patch is available, or restrict the use of the `vehicalorcview` parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.