Executive Summary

CVE-2026-36723 is an unrestricted file rename vulnerability in the BookCars software version 8.3 and earlier. It occurs in the /api/create-user endpoint where user input from the contracts array is used directly in file path operations without proper validation or sanitization.

This lack of validation allows authenticated attackers to perform directory traversal attacks, meaning they can move files from temporary storage to arbitrary locations on the server filesystem by manipulating file paths.

As a result, attackers can gain unauthorized access to sensitive files, overwrite critical application files, and potentially execute remote code by replacing important JavaScript modules such as paypal.js.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized access to sensitive information stored on the server.

Attackers can overwrite critical application files, which may disrupt normal application functionality or introduce malicious behavior.

The most serious impact is the potential for remote code execution, allowing attackers to run arbitrary code on the server, which can lead to full system compromise.

Useful 0 Not Useful 0

Detection Guidance

Detection of this vulnerability involves monitoring the /api/create-user endpoint for suspicious file rename operations that include directory traversal sequences in the contracts array input.

Commands to detect potential exploitation attempts could include searching server logs for directory traversal patterns such as '../' or '..\' in file rename requests.

• Use grep or similar tools to find directory traversal sequences in logs: grep -r "\.\./" /path/to/logs
• Monitor file system changes in temporary storage and critical directories for unexpected renames or file moves.
• Use file integrity monitoring tools to detect overwriting of critical application files like paypal.js.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include validating and sanitizing all user-supplied path components to reject directory traversal sequences.

• Implement canonicalization of file paths to ensure they remain within intended directories.
• Use server-side generated filenames instead of user-supplied names.
• Enforce strict file extension whitelisting to prevent unauthorized file types.
• Apply least-privilege filesystem permissions to limit the impact of any file operations.
• If using Docker, mount the CDN directory as a separate volume to prevent cross-filesystem renames.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability allows authenticated attackers to access sensitive files and overwrite critical application files, potentially leading to unauthorized access to personal or protected data.

Such unauthorized access and potential data breaches could result in non-compliance with regulations like GDPR and HIPAA, which mandate the protection of sensitive personal and health information.

Additionally, the risk of remote code execution could compromise system integrity and confidentiality, further impacting compliance with security requirements in these standards.

Useful 0 Not Useful 0