Remote Code Execution Vulnerability in PHPGurukul Car Rental Project v1.0
CVE-2020-5509

7.2HIGH

Key Information:

Vendor: PHPgurukul
Status: Car Rental Portal
Vendor: CVE Published:; 14 January 2020

Badges

👾 Exploit Exists

Summary

The PHPGurukul Car Rental Project v1.0 is vulnerable to remote code execution due to improper handling of file uploads. Specifically, an attacker can exploit this vulnerability by uploading a malicious executable file disguised as a new profile image, enabling them to execute arbitrary code on the server. This flaw poses significant security risks, allowing unauthorized users to compromise the integrity of the system and potentially gain access to sensitive data.

References

http://packetstormsecurity.com/files/155925/Car-Rental-Pr...

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Dec 7, 2020
👾
Exploit known to exist
Dec 7, 2020
Vulnerability published
Jan 14, 2020
Vulnerability Reserved
Jan 5, 2020