In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server.
https://github.com/aaryan-11-x/CVE-2024-57487-and-CVE-2024-57488
https://code-projects.org/online-car-rental-using-php-source-code/