Car Rental Project
by Phpgurukul
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-10794 | Med | 0.28 | 4.3 | 0.00 | Sep 22, 2025 | A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used. | ||
| CVE-2025-50486 | 0.00 | — | 0.00 | Jul 28, 2025 | Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack. | |||
| CVE-2025-4926 | 0.00 | — | 0.00 | May 19, 2025 | A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation of the argument img1/img2/img3/img4/img5 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. |
- risk 0.28cvss 4.3epss 0.00
A flaw has been found in PHPGurukul Car Rental Project 3.0. Affected by this issue is some unknown functionality of the file /carrental/search.php. Executing manipulation of the argument autofocus can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been published and may be used.
- CVE-2025-50486Jul 28, 2025risk 0.00cvss —epss 0.00
Improper session invalidation in the component /carrental/update-password.php of PHPGurukul Car Rental Project v3.0 allows attackers to execute a session hijacking attack.
- CVE-2025-4926May 19, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in PHPGurukul Car Rental Project 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/post-avehical.php. The manipulation of the argument img1/img2/img3/img4/img5 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.