CRITICAL🇵🇱 Wersja polska

CVE-2025-60306

CVSS 9.9v3.1pub. 2025-10-10upd. 2026-07-05

code-projects Simple Car Rental System 1.0 has a permission bypass issue where low privilege users can forge high privilege sessions and perform sensitive operations.

🤖 AI Analysis
How it works

The vulnerability results from improper access control (CWE-284) and insufficient identity verification (CWE-287). A logged-in user with low privileges can forge session data so that the system treats them as a high-privilege user. After successfully bypassing the authorization mechanism, the attacker gains the ability to perform operations reserved for administrators.

Impact

An attacker with access to a low-privilege account can gain full control over the application by executing arbitrary sensitive administrative operations — which may lead to breaches of confidentiality, integrity, and availability of the system (CVSS C:H/I:H/A:H).

Mitigation & patch

Patches available from the vendor should be applied in accordance with the references. As a temporary measure, it is recommended to restrict access to the application to trusted users only and implement additional server-side privilege validation.

Who is affected

Code-Projects Simple Car Rental System version 1.0

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Code Projects Simple Car Rental System

    APP
    Code-Projects
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Auth Bypass
CWE
References

Related vulnerabilities

CVE-2024-12945MEDIUM6.9ten sam produkt

A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerabi...

CVE-2025-8335LOW2.1ten sam produkt

A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This a...

CVE-2025-8337LOW1.9ten sam produkt

A vulnerability, which was classified as problematic, has been found in code-projects Simple Car Rental System...

CVE-2024-34955CRITICAL9.8PL ✓ten sam vendor

SQL Injection w Code-Projects Budget Management via parametr delete

CVE-2023-41505CRITICAL9.8PL ✓ten sam vendor

Arbitrary file upload umożliwiający RCE w Student Enrollment In PHP