PT-2024-17147 · Unknown · Code-Projects Simple Car Rental System
Silen · Published 2024-11-23 · Updated 2024-11-25 · CVE-2024-11632

CVSS v3.1: 9.8 Critical
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: code-projects Simple Car Rental System version 1.0

Description: A critical issue has been found in the code-projects Simple Car Rental System. The problem lies in an unknown function of the file /book car.php, where manipulation of the arguments fname, id no, gender, email, phone, and location can lead to SQL injection. The issue can be exploited remotely. The initial advisory named only the parameter fname as affected, but further analysis suggests the other arguments may also be vulnerable.

Recommendations: For code-projects Simple Car Rental System version 1.0, consider disabling the /book car.php file or restricting access to it until a patch is available. As a temporary workaround, avoid using the parameters fname, id no, gender, email, phone, and location in the affected API endpoint until the issue is resolved. At the time of writing, no newer version containing a fix for this vulnerability is known.
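The advisory describes the classic pattern behind this class of bug: request parameters reaching a SQL statement without binding. The following is an added illustration, not code from the Simple Car Rental System or from the advisory author: a hypothetical booking handler showing the unsafe concatenation pattern next to a hardened version that uses PDO prepared statements with bound parameters and allow-list validation. The table name `bookings`, its column names, the `connect()` helper, the gender allow-list and the 255-character limit are all assumptions; the request parameter names are taken from the advisory as rendered there (the real form may spell `id no` as `id_no`).

```php
<?php
// Added example (hypothetical): contrasts an injectable INSERT with a
// parameterised one. Not the project's own code.

// Parameter names as listed in the advisory. Spacing is taken from the
// advisory text; the real form field may be 'id_no' (assumption).
const BOOKING_FIELDS = ['fname', 'id no', 'gender', 'email', 'phone', 'location'];

// Assumed allow-list for the gender field.
const ALLOWED_GENDER = ['male', 'female', 'other'];

// Open a PDO connection with native (non-emulated) prepared statements so
// bound values are sent separately from the SQL text.
function connect(string $dsn, string $user, string $pass): PDO
{
    return new PDO($dsn, $user, $pass, [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false,
    ]);
}

// UNSAFE pattern (illustrative only): every field is pasted straight into
// the SQL string, so a quote in any of the six parameters changes the query.
function insertBookingUnsafe(PDO $db, array $post): bool
{
    $values = [];
    foreach (BOOKING_FIELDS as $f) {
        $values[] = "'" . ($post[$f] ?? '') . "'";   // no escaping, no binding
    }
    $sql = 'INSERT INTO bookings (fname, id_no, gender, email, phone, location) VALUES ('
         . implode(', ', $values) . ')';
    return $db->exec($sql) !== false;
}

// HARDENED: validate each field against an allow-list / length limit, then
// bind the values with a prepared statement. The SQL text never contains
// user input, so the injection described in the advisory is not possible.
function insertBookingSafe(PDO $db, array $post): bool
{
    $data = [];
    foreach (BOOKING_FIELDS as $f) {
        if (!isset($post[$f]) || !is_string($post[$f])) {
            throw new InvalidArgumentException("missing field: $f");
        }
        $v = trim($post[$f]);
        if ($v === '' || strlen($v) > 255) {          // assumed length limit
            throw new InvalidArgumentException("bad length for field: $f");
        }
        $data[$f] = $v;
    }
    if (filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('invalid email');
    }
    if (!in_array($data['gender'], ALLOWED_GENDER, true)) {
        throw new InvalidArgumentException('invalid gender value');
    }
    if (!preg_match('/^[0-9+() -]{5,20}$/', $data['phone'])) {
        throw new InvalidArgumentException('invalid phone');
    }

    $stmt = $db->prepare(
        'INSERT INTO bookings (fname, id_no, gender, email, phone, location)
         VALUES (:fname, :id_no, :gender, :email, :phone, :location)'
    );
    return $stmt->execute([
        ':fname'    => $data['fname'],
        ':id_no'    => $data['id no'],
        ':gender'   => $data['gender'],
        ':email'    => $data['email'],
        ':phone'    => $data['phone'],
        ':location' => $data['location'],
    ]);
}

// Typical wiring inside the request handler (assumed DSN and credentials):
// $db = connect('mysql:host=localhost;dbname=carrental', 'app', 'secret');
// insertBookingSafe($db, $_POST);
```

Turning off `PDO::ATTR_EMULATE_PREPARES` matters: with emulation enabled the PHP driver interpolates the bound values client-side, which is still safe when done correctly but leaves the separation of code and data to the driver rather than the database server. The validation step is defence in depth, not the fix itself; binding is what removes the injection.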

Exploit

Weakness Enumeration: Special Elements Injection; SQL injection

Related Identifiers: CVE-2024-11632

Affected Products: Code-Projects Simple Car Rental System