CVE-2024-53345
Published: 07 January 2025
Description
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file.
Security Summary
CVE-2024-53345 is an authenticated arbitrary file upload vulnerability (CWE-434) affecting Car Rental Management System versions 1.0 through 1.3. The flaw enables attackers to upload crafted files, leading to arbitrary code execution on the server. It has a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its network accessibility, low attack complexity, and significant impacts on confidentiality, integrity, and availability.
An authenticated attacker with low privileges can exploit this vulnerability remotely without user interaction. By uploading a malicious file through the affected component, the attacker achieves remote code execution, potentially compromising the entire server hosting the Car Rental Management System.
Mitigation details are available in advisories referenced at http://car.com and https://github.com/ShadowByte1/CVE-2024-53345. Security practitioners should consult these sources for patch information or workarounds specific to versions 1.0 to 1.3.
Details
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)