Car Rental Script Security Vulnerabilities

CVE-2023-48837

Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country...

CVE-2023-48835

Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export...

CVE-2023-48836

Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name...

CVE-2023-48834

A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource...

CVE-2023-40764

User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid...

CVE-2023-40754

In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over...

CVE-2023-3757

A vulnerability classified as problematic has been found in GZ Scripts Car Rental Script 1.8. Affected is an unknown function of the file /EventBookingCalendar/load.php?controller=GzFront/action=checkout/cid=1/layout=calendar/show_header=T/local=3. The manipulation of the argument...

CVE-2018-20648

PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via...

CVE-2018-20647

PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/...

CVE-2018-15182

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName...

CVE-2018-6904

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile...

CVE-2017-17906

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid...

CVE-2017-17907

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename...

CVE-2017-17905

PHP Scripts Mall Car Rental Script has CSRF via...

CVE-2017-17637

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val...

CVE-2017-2171

Cross-site scripting vulnerability in Captcha prior to version 4.3.0, Car Rental prior to version 1.0.5, Contact Form Multi prior to version 1.2.1, Contact Form prior to version 4.0.6, Contact Form to DB prior to version 1.5.7, Custom Admin Page prior to version 0.1.2, Custom Fields Search prior...

CVE-2010-0631

Multiple SQL injection vulnerabilities in index.php in Eicra Car Rental-Script, when the plugin_id parameter is 4, allow remote attackers to execute arbitrary SQL commands via the (1) users (username) and (2) passwords...