PHP Scripts Mall Rental Bike Script 2.0.3 has HTML injection via the STREET field in the Profile Edit section.

PHP Scripts Mall Car Rental Script 2.0.8 has directory traversal via a direct request for a listing of an image directory such as an images/ directory.

PHP Scripts Mall Car Rental Script 2.0.8 has Cross-Site Request Forgery (CSRF) via accountedit.php.

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields.

PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the User Name field in an Edit Profile action.

PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.

PHP Scripts Mall Car Rental Script has CSRF via admin/sitesettings.php.

PHP Scripts Mall Car Rental Script has SQL Injection via the admin/carlistedit.php carid parameter.

Car Rental Script 2.0.4 has SQL Injection via the countrycode1.php val parameter.

Cross-site request forgery (CSRF) vulnerability in PHPJabbers Vacation Rental Script allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a create action in the AdminUsers module to index.php.