Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-57487

In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server.

Published

2025-01-13T17:15:17.160

Last Modified

2025-04-03T18:48:41.720

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	code-projects	online_car_rental_system	1.0	Yes

References

https://code-projects.org/online-car-rental-using-php-source-code/ Product ([email protected])
https://github.com/aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488 Third Party Advisory ([email protected])