Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-7475


A vulnerability classified as critical has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part of the file /pay.php. The manipulation of the argument mpesa leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.


Published

2025-07-12T13:15:20.973

Last Modified

2025-07-18T19:04:46.877

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 7.3 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

10.0

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-74
    CWE-89
  • Type: Primary
    CWE-89

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application fabianros simple_car_rental_system 1.0 Yes

References