GCVE - cpe:2.3:a:phpjabbers:car_rental_script:3.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:phpjabbers:car_rental_script:3.0:*:*:*:*:*:*:*

part: a version: 3.0 update: *

Vendor	Phpjabbers (`2f919538-31c8-5cbb-b18c-c6079deaeb0d`)
Product	Car Rental Script (`6ec13d8a-2704-55ae-9f35-3994408ad3a5`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-48837`	vulnerable	2026-06-03 14:53:19.923371	Details available Car Rental Script 3.0 is vulnerable to Multiple HTML Injection issues via SMS API Key or Default Country Code. Published: 2023-12-07T00:00:00.000Z Updated: 2024-08-02T21:46:28.376Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/car-rental-script/ http://packetstormsecurity.com/files/176048	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-48836`	vulnerable	2026-06-03 14:53:19.923119	Details available Car Rental Script 3.0 is vulnerable to Multiple Stored Cross-Site Scripting (XSS) issues via the name, plugin_sms_api_key, plugin_sms_country_code, calendar_id, title, country name, or customer_name parameter. Published: 2023-12-07T00:00:00.000Z Updated: 2024-11-26T15:38:15.740Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/car-rental-script/ http://packetstormsecurity.com/files/176046	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-48835`	vulnerable	2026-06-03 14:53:19.922802	Details available Car Rental Script v3.0 is vulnerable to CSV Injection via a Language > Labels > Export action. Published: 2023-12-07T00:00:00.000Z Updated: 2024-08-02T21:46:28.555Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/car-rental-script/ http://packetstormsecurity.com/files/176045	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-48834`	vulnerable	2026-06-03 14:53:19.922459	Details available A lack of rate limiting in pjActionAjaxSend in Car Rental v3.0 allows attackers to cause resource exhaustion. Published: 2023-12-07T00:00:00.000Z Updated: 2025-05-28T15:34:47.654Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/car-rental-script/ http://packetstormsecurity.com/files/176043	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-40764`	vulnerable	2026-06-03 14:52:50.635124	Details available User enumeration is found in PHP Jabbers Car Rental Script v3.0. This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. Published: 2023-08-28T00:00:00.000Z Updated: 2024-10-02T15:36:19.242Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/car-rental-script/ https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-40754`	vulnerable	2026-06-03 14:52:50.625286	Details available In PHPJabbers Car Rental Script 3.0, lack of verification when changing an email address and/or password (on the Profile Page) allows remote attackers to take over accounts. Published: 2023-08-28T00:00:00.000Z Updated: 2024-10-02T15:52:43.306Z Open on db.gcve.eu Reference links https://www.phpjabbers.com/car-rental-script/ https://medium.com/%40mfortinsec/multiple-vulnerabilities-in-phpjabbers-part-3-40fc3565982f	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.