PT-2025-29326 · Unknown · Simple Car Rental System
Y2Xsec · Published 2025-07-12 · Updated 2025-07-18 · CVE-2025-7475
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
Simple Car Rental System version 1.0
Description:
A critical issue exists in Simple Car Rental System 1.0, specifically within the /pay.php file. Manipulation of the mpesa argument can lead to SQL injection. This allows for remote exploitation. The exploit details have been publicly disclosed.
Recommendations:
As a temporary workaround, consider restricting access to the /pay.php file until a fix is available.
Sanitize the mpesa argument to prevent SQL injection.
Exploit
Fix
Special Elements Injection
SQL injection
Related Identifiers
Affected Products
Simple Car Rental System
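
One way to apply the recommendation on the mpesa argument, shown as an added example that is not the project's own code: validate the value against an allow-list pattern, then pass it to the database only as a bound parameter. The table and column names, the booking_id parameter, the use of POST, the assumed code format and the environment variable names are all assumptions, since the advisory does not describe the internals of /pay.php.

```php
<?php
// Added example: hardened handling of the `mpesa` argument in a pay.php-style handler.
// Assumptions (not from the advisory): table `payments`, columns `mpesa_code` and
// `booking_id`, POST delivery, and DB settings read from environment variables.

// Make mysqli throw exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Allow-list check: assumes the value is a short alphanumeric transaction code.
// \A and \z anchor the whole string, so a trailing newline or suffix is rejected.
function valid_mpesa_code(string $code): bool
{
    return preg_match('/\A[A-Za-z0-9]{6,20}\z/', $code) === 1;
}

// The value reaches the database only as a bound parameter, never by
// string concatenation, so it cannot change the structure of the statement.
function record_payment(mysqli $db, int $bookingId, string $mpesa): void
{
    $stmt = $db->prepare('UPDATE payments SET mpesa_code = ? WHERE booking_id = ?');
    $stmt->bind_param('si', $mpesa, $bookingId);
    $stmt->execute();
    $stmt->close();
}

$mpesa     = $_POST['mpesa'] ?? '';
$bookingId = filter_input(INPUT_POST, 'booking_id', FILTER_VALIDATE_INT);

// Reject arrays, malformed codes, and missing or non-integer booking ids.
if (!is_string($mpesa) || !valid_mpesa_code($mpesa)
    || $bookingId === null || $bookingId === false) {
    http_response_code(400);
    exit('Invalid payment reference');
}

$db = new mysqli(
    getenv('DB_HOST') ?: null,
    getenv('DB_USER') ?: null,
    getenv('DB_PASS') ?: null,
    getenv('DB_NAME') ?: null
);
$db->set_charset('utf8mb4');

record_payment($db, $bookingId, $mpesa);
echo 'Payment recorded';
```

The prepared statement is what removes the injection; the pattern check is a second layer that also keeps malformed values out of the data.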