bookcars
by Bookcars
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-36720 | Hig | 0.53 | 8.1 | — | Jun 9, 2026 | Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type. | ||
| CVE-2026-36727 | 0.00 | — | — | Jun 9, 2026 | An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token. | |||
| CVE-2026-36726 | 0.00 | — | — | Jun 9, 2026 | An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences. | |||
| CVE-2026-36723 | 0.00 | — | — | Jun 9, 2026 | An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables… | |||
| CVE-2026-36722 | 0.00 | — | — | Jun 9, 2026 | An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file. |
- risk 0.53cvss 8.1epss —
Insecure permissions in bookcars v8.3 allows authenticated attackers to escalate privileges from user to admin via modifying their user type.
- CVE-2026-36727Jun 9, 2026risk 0.00cvss —epss —
An insecure authentication vulnerability in the /api/social-sign-in endpoint of bookcars v8.3 allows attackers to bypass authentication via a forged JWT token.
- CVE-2026-36726Jun 9, 2026risk 0.00cvss —epss —
An arbitrary file deletion vulnerability in the /api/delete-temp-license/{file} endpoint of bookcars v8.3 allows unauthenticated attackers to delete arbitrary files via supplying directory traversal sequences.
- CVE-2026-36723Jun 9, 2026risk 0.00cvss —epss —
An unrestricted file rename vulnerability in the /api/create-user component of bookcars v8.3 allows authenticated attackers to leverage directory traversal sequences to move arbitrary files from temporary storage to arbitrary locations on the server filesystem. This enables…
- CVE-2026-36722Jun 9, 2026risk 0.00cvss —epss —
An authenticated arbitrary file upload vulnerability in the /api/create-car-image component of bookcars v8.3 allows attackers to execute arbitrary code via uploading a crafted file.