File Upload Vulnerability in Code-Projects Online Car Rental System
CVE-2024-57487

Currently unrated

Key Information:

Vendor
CVE Published:
13 January 2025

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 40%

What is CVE-2024-57487?

The Online Car Rental System by Code-Projects version 1.0 contains a significant file upload vulnerability, which allows an attacker to bypass restrictions on file extensions and MIME types. This flaw can lead to the unauthorized upload of PHP shell scripts, enabling attackers to execute malicious commands on the server, potentially compromising the entire system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

References

EPSS Score

40% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

.