CVE-2020-29227
CVE-2020-29227
Vexday Risk Score
45Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
Exploit maturity
Functional exploit
Automatable exploit available (Nuclei/Metasploit).
CVSS —EPSS 16.8%KEV nãoPoC —Nuclei simMetasploit —Patch —
Lifecycle
14 Dec 2020Published on NVD
Recommendation: Patch as soon as possible — active exploitation confirmed.
An issue was discovered in Car Rental Management System 1.0. An unauthenticated user can perform a file inclusion attack against the /index.php file with a partial filename in the "page" parameter, to cause local file inclusion resulting in code execution.
Affected products
n/a · n/a