CVE-2025-7477:

A critical vulnerability in the Simple Car Rental System 1.0 allows for unrestricted file uploads via the `/admin/add_cars.php` endpoint, potentially leading to remote exploitation.

Score
A numerical rating that indicates how dangerous this vulnerability is.

7.2High

Published Date:Jul 12, 2025
CISA KEV Date:*No Data*
Industries Affected:20

Threat Predictions

EPSS Score:0.1
EPSS Percentile:28%

Exploitability

Score:1.2
Attack Vector:NETWORK
Attack Complexity:LOW
Privileges Required:HIGH
User Interaction:NONE
Scope:UNCHANGED

Impact

Score:5.9
Confidentiality Impact:HIGH
Integrity Impact:HIGH
Availability Impact:HIGH

Description Preview

A critical vulnerability in the Simple Car Rental System 1.0 allows for unrestricted file uploads via the `/admin/add_cars.php` endpoint, potentially leading to remote exploitation.

Overview

- **CVE ID**: CVE-2025-7477 - **Published Date**: July 12, 2025 - **Vulnerability Status**: Received - **Severity**: Medium (CVSS 3.1 Base Score: 4.7) - **Attack Vector**: Network - **Privileges Required**: High - **User Interaction**: None - **Impacted Component**: `/admin/add_cars.php` - **Weaknesses**: - CWE-284: Improper Access Control - CWE-434: Unrestricted Upload of File with Dangerous Type

Remediation

To mitigate the risk associated with CVE-2025-7477, it is recommended that users of the Simple Car Rental System 1.0 take the following actions:
1. **Update the Software**: Check for any patches or updates released by the vendor that address this vulnerability.
2. **Implement File Upload Restrictions**: Ensure that only specific file types are allowed for upload and validate file contents to prevent the execution of malicious files.
3. **Access Control**: Review and strengthen access controls for sensitive endpoints, ensuring that only authorized users can access the `/admin/add_cars.php` file.
4. **Monitor for Exploitation**: Implement logging and monitoring to detect any unauthorized access attempts or suspicious file uploads.