File Upload Vulnerability in Code-Projects Online Car Rental System
CVE-2024-57487
Currently unrated
Key Information:
- Vendor
Code-Projects
- Status
- Vendor
- CVE Published:
- 13 January 2025
Badges
👾 Exploit Exists🟡 Public PoC🟣 EPSS 40%
What is CVE-2024-57487?
The Online Car Rental System by Code-Projects version 1.0 contains a significant file upload vulnerability, which allows an attacker to bypass restrictions on file extensions and MIME types. This flaw can lead to the unauthorized upload of PHP shell scripts, enabling attackers to execute malicious commands on the server, potentially compromising the entire system.
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.