CVE-2020-11544

Name of the Vulnerable Software and Affected Versions Project Worlds Official Car Rental System version 1

Description The issue allows an admin user to run commands on the server with their account due to an arbitrary file upload vulnerability via the add cars.php file in the upload section on the file-manager page. There are no restrictions for uploading executable files, which can be exploited.

Recommendations For Project Worlds Official Car Rental System version 1, restrict access to the add cars.php file to prevent arbitrary file uploads until a fix is available. Consider implementing upload restrictions for executable files as a temporary mitigation measure.