File Upload Vulnerability in Code-Projects Online Car Rental System
CVE-2024-57487

Currently unrated

Key Information:

Vendor: Code-Projects
Status: Online Car Rental System
Vendor: CVE Published:; 13 January 2025

🔔 Create Code-Projects Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 36%

What is CVE-2024-57487?

The Online Car Rental System by Code-Projects version 1.0 contains a significant file upload vulnerability, which allows an attacker to bypass restrictions on file extensions and MIME types. This flaw can lead to the unauthorized upload of PHP shell scripts, enabling attackers to execute malicious commands on the server, potentially compromising the entire system.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-57487-and-CVE-2024-57488
Created by aaryan-11-x

References

https://code-projects.org/online-car-rental-using-php-sou...

https://github.com/aaryan-11-x/CVE-2024-57487-and-CVE-202...

EPSS Score

36% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 13, 2025
🟡
Public PoC available
Jan 11, 2025
👾
Exploit known to exist
Jan 11, 2025

JSON