CVE-2025-9310
BaseFortify
Publication date: 2025-08-21
Last updated on: 2025-09-12
Assigner: VulDB
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| carrental_project | carrental | 1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-259 | The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components. |
| CWE-798 | The product contains hard-coded credentials, such as a password or cryptographic key. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the yeqifu carRental application, specifically in the /carRental_war/druid/login.html file of the Druid component. It involves hard-coded credentials that can be exploited remotely, allowing an attacker to potentially gain unauthorized access. The vulnerability has been publicly disclosed and can be exploited without user interaction or privileges.
How can this vulnerability impact me?
The vulnerability can allow an attacker to remotely exploit hard-coded credentials, potentially leading to unauthorized access to the affected system. This could compromise the security of the application and any data it handles, increasing the risk of data breaches or unauthorized operations.