An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
References
Link | Resource |
---|---|
https://loopspell.medium.com/cve-2020-29227-unauthenticated-local-file-inclusion-7d3bd2c5c6a5 | Exploit Third Party Advisory |
https://www.sourcecodester.com/php/14544/car-rental-management-system-using-phpmysqli-source-code.html | Product Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-12-14T13:24:20
Updated: 2020-12-14T13:24:20
Reserved: 2020-11-27T00:00:00
Link: CVE-2020-29227
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-12-14T14:15:10.713
Modified: 2020-12-15T15:43:32.593
Link: CVE-2020-29227
JSON object: View
Redhat Information
No data.
CWE