CVE Details
Basic Information
| Title | code-projects Simple Car Rental System pay.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-12T12:32:05.947Z |
| Modified | 2025-07-12T12:32:05.947Z |
Product Information
| Vendor | code-projects |
|---|---|
| Product | Simple Car Rental System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Vector String | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A SQL injection vulnerability in the Simple Car Rental System allows remote attackers to inject malicious SQL code via the mpesa parameter in pay.php. This could lead to data tampering or unauthorized access. The vulnerability is critical and has a public exploit available. |
|---|---|
| AI Severity | Medium |
| AI Vendor | code-projects |
| AI Product | Simple Car Rental System |
| AI Version | 1.0 |
Affected Products
- code-projects Simple Car Rental System 1.0
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.