VYPR

Carrental

by Yeqifu

Source repositories

CVEs (4)

  • CVE-2024-51376HigFeb 12, 2025
    risk 0.49cvss 7.5epss 0.01

    Directory Traversal vulnerability in yeqifu carRental v.1.0 allows a remote attacker to obtain sensitive information via the file/downloadFile.action?path= component.

  • CVE-2025-9650MedAug 29, 2025
    risk 0.35cvss 5.4epss 0.00

    A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This affects the function removeFileByPath of the file src/main/java/com/yeqifu/sys/utils/AppFileUtils.java. The manipulation of the argument carimg leads to path traversal. The…

  • CVE-2025-15432Jan 2, 2026
    risk 0.00cvss epss 0.01

    A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController. The manipulation of…

  • CVE-2025-9310Aug 21, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRental_war/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded…