Tianxiao

Name of the Vulnerable Software and Affected Versions projectworlds Car Rental System version 1.0 Description A weakness exists in projectworlds Car Rental System 1.0. The issue affects an unknown functionality within the `/pay.php` file of the Parameter Handler component. Manipulation of the `mpesa` argument can lead to SQL injection, allowing for remote attacks. The exploit is publicly available. Recommendations Update to a newer version of projectworlds Car Rental System that addresses this vulnerability. As a temporary workaround, restrict access to the `/pay.php` file or disable the Parameter Handler component until a patch is available. Avoid using the `mpesa` parameter in the affected API endpoint until the issue is resolved.