PT-2025-26907 · Unknown · Car Rental System

Zzb1 · Published 2025-06-25 · Updated 2025-07-11 · CVE-2025-6667

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Car Rental System version 1.0
Description: A critical issue was found in the Car Rental System, affecting some unknown functionality of the file /admin/add cars.php. The manipulation of the image argument leads to unrestricted upload. This issue can be exploited remotely.
Recommendations: For Car Rental System version 1.0, consider disabling the file upload functionality in /admin/add cars.php until a patch is available. Restrict access to the /admin/add cars.php file to minimize the risk of exploitation. Avoid using the image argument in the affected file until the issue is resolved.

Exploit

Fix

Weakness Enumeration: Improper Access Control, Unrestricted File Upload

Related Identifiers: CVE-2025-6667

Affected Products: Car Rental System