CVE-2020-11544

Published: Apr 6, 2020Modified: Nov 21, 2024

7.2

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.2 / Impact: 5.9

Source: NVD

Description

An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files.

Affected (1)

Products: Projectworlds: Official Car Rental System

1 product

Official Car Rental System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Projectworlds Official Car Rental System	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (2)

https://frostylabs.net/writeups/cve-2020-11544/

Source: cve@mitre.org

ExploitThird Party Advisory

https://frostylabs.net/writeups/cve-2020-11544/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.