Car rental script
This hub aggregates every CVE we track for Car rental script, a product in the web cms plugins space. Use it to gauge the current risk picture and drill into individual advisories.
15
CVEs tracked
3
Critical
5
High
0
In CISA KEV
Severity distribution
MEDIUM6HIGH5CRITICAL3LOW1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Car rental script.
- CVE-2023-48834A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion.7.5
- CVE-2023-48836Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_nam...5.4
- CVE-2023-48835Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action.8.8
- CVE-2023-48837Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code.5.4
- CVE-2023-40764User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid...9.8
- CVE-2023-40754In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts.8.8
- CVE-2023-3757GZ Scripts Car Rental Script cross site scripting3.5
- CVE-2018-20648PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.8.8
- CVE-2018-20647PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.6.5
- CVE-2018-15182PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields.5.4
- CVE-2018-6904PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action.5.4
- CVE-2017-17907PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.6.1
- CVE-2017-17905PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.8.8
- CVE-2017-17906PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.9.8
- CVE-2017-17637Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.9.8
Product normalization is registry-driven with AI assist and human review. How it works