| Field | Value |
|---|---|
| Title | code-projects Simple Car Rental System 1.0 Cross-Site Request Forgery |
| Description | A Cross-Site Request Forgery (CSRF) vulnerability was found in /admin/delete_car.php. The operation to delete a car (which sends the purchased vehicle to the customer) lacks a protective mechanism, such as a CSRF token, to validate the request's authenticity. If an authenticated administrator is tricked into visiting a malicious webpage, an attacker can forge a request to this endpoint. This would cause the administrator's browser to execute the delete action without their knowledge or consent, leading to the unauthorized manipulation or deletion of vehicle data. |
| Source | https://github.com/i-Corner/cve/issues/12 |
| User | iC0rner (UID 82839) |
| Submission | 07/28/2025 14:20 (11 months ago) |
| Moderation | 07/30/2025 10:18 (2 days later) |
| Status | Accepted |
| VulDB entry | 318285 [code-projects Simple Car Rental System 1.0 cross-site request forgery] |
| Points | 20 |