PT-2022-19536 · Unknown · Car Rental Management System

Published

2022-05-11

Updated

2022-05-17

CVE-2022-29318

CVSS v3.1

7.2

High

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Car Rental Management System version 1.0

Description An arbitrary file upload vulnerability in the New Entry module allows attackers to execute arbitrary code via a crafted PHP file.

Recommendations For Car Rental Management System version 1.0, consider disabling the New Entry module until a patch is available to prevent arbitrary file uploads and subsequent code execution. Restrict access to the module to minimize the risk of exploitation.

Exploit

Fix

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2022-29318

Affected Products

Car Rental Management System

PT-2022-19536 · Unknown · Car Rental Management System

CVE-2022-29318

Weakness Enumeration

Related Identifiers

Affected Products

References · 5