Vulnerabilities > Projectworlds > Official CAR Rental System > 1.0

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-06	CVE-2020-11545	SQL Injection vulnerability in Projectworlds Official CAR Rental System 1.0 Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt. network low complexity projectworlds CWE-89	7.5
2020-04-06	CVE-2020-11544	Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Official CAR Rental System 1.0 An issue was discovered in Project Worlds Official Car Rental System 1. network low complexity projectworlds CWE-434	6.5

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.