A vulnerability classified as problematic has been found in code-projects Online Bike Rental 1.0. Affected is an unknown function of the file /vehical-details.php of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely.

A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component Change Image Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well.

A vulnerability was found in SourceCodester Online Motorcycle Rental System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/?page=bike of the component Bike List. The manipulation of the argument Model with the input "><script>confirm (document.cookie)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-242170 is the identifier assigned to this vulnerability.

Online Motorcycle (Bike) Rental System 1.0 is vulnerable to a Blind Time-Based SQL Injection attack within the login portal. This can lead attackers to remotely dump MySQL database credentials.

An Arbitrary File Upload in the Upload Image component in Sourcecodester Online Bike Rental v1.0 allows authenticated administrator to conduct remote code execution.

An Arbitrary File Upload in Vehicle Image Upload in Online Bike Rental v1.0 allows authenticated admin to conduct remote code execution.