
    4 vulnerabilities found for VikRentCar Car Rental Management System by Unknown

    CVE-2024-1845 (GCVE-0-2024-1845)

    Vulnerability from nvd – Published: 2024-07-11 06:00 – Updated: 2024-08-01 18:56
    VLAI
    Title
    VikRentCar Car Rental Management System < 1.3.2 - Cross Site Request Forgery
    Summary
    The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/ exploit, vdb-entry, technical-description
    Impacted products
    Vendor Product Version
    Unknown VikRentCar Car Rental Management System Affected: 0 , < 1.3.2 (semver)
    e4j vikrentcar_car_rental_management_system Affected: 0 , < 1.3.2 (semver)
        cpe:2.3:a:e4j:vikrentcar_car_rental_management_system:*:*:*:*:*:wordpress:*:*
    Credits
    Srikar V (finder), WPScan (coordinator)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:e4j:vikrentcar_car_rental_management_system:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vikrentcar_car_rental_management_system",
                "vendor": "e4j",
                "versions": [
                  {
                    "lessThan": "1.3.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1845",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T15:38:47.675984Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T17:22:15.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.201Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VikRentCar Car Rental Management System",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Srikar V"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-11T06:00:02.403Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "VikRentCar Car Rental Management System \u003c 1.3.2 - Cross Site Request Forgery",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1845",
        "datePublished": "2024-07-11T06:00:02.403Z",
        "dateReserved": "2024-02-23T15:48:11.778Z",
        "dateUpdated": "2024-08-01T18:56:22.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24519 (GCVE-0-2021-24519)

    Vulnerability from nvd – Published: 2021-08-16 10:48 – Updated: 2024-08-03 19:35
    VLAI
    Title
    Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
    Summary
    The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
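    Unknown VikRentCar Car Rental Management System Affected: 1.1.10 , < 1.1.10 (custom)
    Note: as recorded, this range starts at 1.1.10 and ends below 1.1.10, so it matches no version. The summary states that versions before 1.1.10 are affected, so automated version matching against this record should be verified by hand.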
    Credits
    Muhammad Daffa

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:35:20.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VikRentCar Car Rental Management System",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.1.10",
                  "status": "affected",
                  "version": "1.1.10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Muhammad Daffa"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the \u0027Text Next to Icon\u0027 field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-16T10:48:25.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vik Rent Car \u003c 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24519",
              "STATE": "PUBLIC",
              "TITLE": "Vik Rent Car \u003c 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VikRentCar Car Rental Management System",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.10",
                                "version_value": "1.1.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Muhammad Daffa"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the \u0027Text Next to Icon\u0027 field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24519",
        "datePublished": "2021-08-16T10:48:25.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:35:20.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1845 (GCVE-0-2024-1845)

    Vulnerability from cvelistv5 – Published: 2024-07-11 06:00 – Updated: 2024-08-01 18:56
    VLAI
    Title
    VikRentCar Car Rental Management System < 1.3.2 - Cross Site Request Forgery
    Summary
    The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
    SSVC
    Exploitation: poc; Automatable: no; Technical Impact: total
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/ exploit, vdb-entry, technical-description
    Impacted products
    Vendor Product Version
    Unknown VikRentCar Car Rental Management System Affected: 0 , < 1.3.2 (semver)
    e4j vikrentcar_car_rental_management_system Affected: 0 , < 1.3.2 (semver)
        cpe:2.3:a:e4j:vikrentcar_car_rental_management_system:*:*:*:*:*:wordpress:*:*
    Credits
    Srikar V (finder), WPScan (coordinator)

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:e4j:vikrentcar_car_rental_management_system:*:*:*:*:*:wordpress:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "vikrentcar_car_rental_management_system",
                "vendor": "e4j",
                "versions": [
                  {
                    "lessThan": "1.3.2",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 8,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "HIGH",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1845",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "total"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-31T15:38:47.675984Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-31T17:22:15.089Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.201Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "VikRentCar Car Rental Management System",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.3.2",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Srikar V"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-11T06:00:02.403Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/a8d7b564-36e0-4f05-9b49-1b441f453d0a/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "VikRentCar Car Rental Management System \u003c 1.3.2 - Cross Site Request Forgery",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1845",
        "datePublished": "2024-07-11T06:00:02.403Z",
        "dateReserved": "2024-02-23T15:48:11.778Z",
        "dateUpdated": "2024-08-01T18:56:22.201Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-24519 (GCVE-0-2021-24519)

    Vulnerability from cvelistv5 – Published: 2021-08-16 10:48 – Updated: 2024-08-03 19:35
    VLAI
    Title
    Vik Rent Car < 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)
    Summary
    The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue
    Severity
    No CVSS data available.
    CWE
    • CWE-79 - Cross-site Scripting (XSS)
    Assigner
    References
    Impacted products
    Vendor Product Version
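    Unknown VikRentCar Car Rental Management System Affected: 1.1.10 , < 1.1.10 (custom)
    Note: as recorded, this range starts at 1.1.10 and ends below 1.1.10, so it matches no version. The summary states that versions before 1.1.10 are affected, so automated version matching against this record should be verified by hand.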
    Credits
    Muhammad Daffa

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T19:35:20.093Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "VikRentCar Car Rental Management System",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "1.1.10",
                  "status": "affected",
                  "version": "1.1.10",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "value": "Muhammad Daffa"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the \u0027Text Next to Icon\u0027 field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-79",
                  "description": "CWE-79 Cross-site Scripting (XSS)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2021-08-16T10:48:25.000Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "Vik Rent Car \u003c 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)",
          "x_generator": "WPScan CVE Generator",
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "contact@wpscan.com",
              "ID": "CVE-2021-24519",
              "STATE": "PUBLIC",
              "TITLE": "Vik Rent Car \u003c 1.1.10 - Authenticated Stored Cross-Site Scripting (XSS)"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "VikRentCar Car Rental Management System",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "1.1.10",
                                "version_value": "1.1.10"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Unknown"
                  }
                ]
              }
            },
            "credit": [
              {
                "lang": "eng",
                "value": "Muhammad Daffa"
              }
            ],
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the \u0027Text Next to Icon\u0027 field when adding or editing a Characteristic, allowing high privilege users such as admin to use XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue"
                }
              ]
            },
            "generator": "WPScan CVE Generator",
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-79 Cross-site Scripting (XSS)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c",
                  "refsource": "MISC",
                  "url": "https://wpscan.com/vulnerability/368828f9-fdd1-4a82-8658-20e0f4c4da0c"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2021-24519",
        "datePublished": "2021-08-16T10:48:25.000Z",
        "dateReserved": "2021-01-14T00:00:00.000Z",
        "dateUpdated": "2024-08-03T19:35:20.093Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }