CVE-2024-57487 PoC — Code-Projects Online Car Rental System 安全漏洞

Source

Associated Vulnerability

Description

POC of CVE-2024-57487 & CVE-2024-57488

Readme

# Online Car Rental System Vulnerabilities

This repository contains details about the vulnerabilities identified in Code-Projects **Online Car Rental System** project Version 1.0. The vulnerabilities have been assigned CVEs and include comprehensive writeups to assist in understanding and mitigating the issues.

## Vulnerabilities

1. **Remote Code Execution (Authenticated) via File Upload**  
   - **CVE-ID:** CVE-2024-57487
   - **Description:** This vulnerability allows authenticated attackers to upload malicious PHP files, enabling remote command execution on the server.  
   - [View the full writeup here](https://github.com/aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488/blob/main/CVE-2024-57487.md)
  
2. **Stored XSS (Authenticated) in edit-vehicle.php**  
   - **CVE-ID:** CVE-2024-57488
   - **Description:** This vulnerability allows authenticated attackers to inject malicious JavaScript payloads that persist in the system and execute whenever the impacted page is viewed.  
   - [View the full writeup here](https://github.com/aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488/blob/main/CVE-2024-57488.md)



## Disclaimer
These vulnerabilities have been responsibly disclosed to the project maintainers.

## Acknowledgments
- Researcher: Aaryan Golatkar  

File Snapshot

 [4.0K]  /data/pocs/72f7fcadcbb61e0cf40d2b0234a47a0fd60687f9
├── [1.7K]  CVE-2024-57487.md
├── [1.4K]  CVE-2024-57488.md
├── [ 11K]  LICENSE
└── [1.2K]  README.md

0 directories, 4 files

Remarks