CVE-2024-3369

Published: Apr 6, 2024Modified: Apr 25, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

A vulnerability, which was classified as critical, has been found in code-projects Car Rental 1.0. Affected by this issue is some unknown functionality of the file add-vehicle.php. The manipulation of the argument Upload Image leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-259490 is the identifier assigned to this vulnerability.

Affected (1)

Products: Anisha: Car Rental

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Anisha Car Rental	Version 1.0

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (8)

https://drive.google.com/file/d/1wLMnGzcbyCoZ_Wp-bHpLD49MZ9-XHPUK/view?usp=drive_link

Source: cna@vuldb.com

Exploit

https://vuldb.com/?ctiid.259490

Source: cna@vuldb.com

Permissions RequiredVDB Entry

https://vuldb.com/?id.259490

Source: cna@vuldb.com

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.311147

Source: cna@vuldb.com

Third Party Advisory

https://drive.google.com/file/d/1wLMnGzcbyCoZ_Wp-bHpLD49MZ9-XHPUK/view?usp=drive_link

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://vuldb.com/?ctiid.259490

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVDB Entry

https://vuldb.com/?id.259490

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://vuldb.com/?submit.311147

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.