CVE-2020-27956

Published: Oct 28, 2020Modified: Jun 17, 2026

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).

Affected (1)

Products: Car Rental Management System Project: Car Rental Management System

Car Rental Management System Project

1 product

Car Rental Management System

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Car Rental Management System Project Car Rental Management System	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://www.exploit-db.com/exploits/48931

Source: cve@mitre.org

ExploitThird Party AdvisoryVDB Entry

https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html

Source: cve@mitre.org

ProductThird Party Advisory

https://www.exploit-db.com/exploits/48931

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html

Source: af854a3a-2127-422b-91ae-364da2661108

ProductThird Party Advisory

Timeline

No history available yet.