QwikSec

Security Database

CVE

CWE

Training

CVE-2025-9310

Published: Aug 21, 2025

Modified: Aug 21, 2025

PUBLISHED

CVSS v3.1

5.3

MEDIUM

Description

A vulnerability was determined in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. Affected by this vulnerability is an unknown functionality of the file /carRental_war/druid/login.html of the component Druid. Executing manipulation can lead to hard-coded credentials. The attack may be launched remotely. The exploit has been publicly disclosed and may be utilized. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.

Vendor	Product	Versions
yeqifu	carRental	affected `3fabb7eae93d209426638863980301d6f99866b3`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

References

VDB-320915 | yeqifu carRental Druid login.html hard-coded credentials

vdb-entry

VDB-320915 | CTI Indicators (IOB, IOC, TTP, IOA)

signature

permissions-required

Submit #633588 | https://github.com/yeqifu/carRental carRental 1.0 Use of Hard-coded Credentials

third-party-advisory

https://github.com/caigo8/CVE-md/blob/main/carRentalV1.0/druid%E6%9C%AA%E6%8E%88%E6%9D%83.md

exploit

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.