module
Car Rental System 1.0 File Upload RCE (Authenticated)
| Disclosed |
|---|
| Jan 13, 2025 |
Disclosed
Jan 13, 2025
Description
This module exploits an authenticated remote code execution vulnerability in the
Online Car Rental System 1.0 via the `changeimage1.php` endpoint. An authenticated
attacker can upload malicious PHP scripts without proper validation, enabling
arbitrary code execution on the server.
Online Car Rental System 1.0 via the `changeimage1.php` endpoint. An authenticated
attacker can upload malicious PHP scripts without proper validation, enabling
arbitrary code execution on the server.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.