CVE-2019-25462

Web Ofisi · Rent a Car

Web Ofisi Rent a Car v3 contains an unauthenticated SQL injection vulnerability in the 'klima' parameter, allowing attackers to execute arbitrary SQL commands.

Executive summary

An unauthenticated SQL injection vulnerability in Web Ofisi Rent a Car v3 allows remote attackers to manipulate the backend database, threatening data confidentiality.

Vulnerability

The 'klima' parameter in the Rent a Car v3 application is not properly validated. An unauthenticated attacker can exploit this to inject malicious SQL code directly into the application's database queries.
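The defect class described above, as an added illustration that is not code from Web Ofisi's product: a query that splices the 'klima' request parameter into SQL text, beside a hardened version that allowlists the value and binds it as data. The table and column names and the in-memory SQLite sample rows are constructed assumptions.

```python
import sqlite3

# Constructed in-memory stand-in for the rental listings table; the table
# name "arac" and its columns are assumptions, not taken from the product.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE arac (id INTEGER, model TEXT, klima INTEGER)")
    conn.executemany(
        "INSERT INTO arac VALUES (?, ?, ?)",
        [(1, "Fiat Egea", 1), (2, "Renault Clio", 0), (3, "Toyota Corolla", 1)],
    )
    return conn

def list_cars_vulnerable(conn, klima):
    # Defect pattern from the advisory: the request parameter is concatenated
    # into the SQL text, so quote characters in the input alter the query.
    sql = "SELECT id, model FROM arac WHERE klima = '" + klima + "'"
    return conn.execute(sql).fetchall()

# 'klima' is a yes/no filter (air conditioning), so an allowlist is the
# tightest possible validation before the value ever reaches the database.
ALLOWED_KLIMA = {"0", "1"}

def is_valid_klima(value):
    return value in ALLOWED_KLIMA

def list_cars_hardened(conn, klima):
    # Fix: reject anything outside the allowlist, then bind the value as a
    # parameter so the database never treats it as SQL syntax.
    if not is_valid_klima(klima):
        raise ValueError("invalid klima value")
    sql = "SELECT id, model FROM arac WHERE klima = ?"
    return conn.execute(sql, (int(klima),)).fetchall()

def hardened_rejects(conn, value):
    # Helper for checks: True when the hardened query refuses the input.
    try:
        list_cars_hardened(conn, value)
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    db = build_db()
    print(list_cars_hardened(db, "1"))
```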

Business impact

Successful exploitation could allow an attacker to view, modify, or delete rental records and customer information. The High severity (CVSS 8.2) reflects the potential for significant data loss and unauthorized access to business-critical information.

Remediation

Immediate Action: Apply the security patches provided by Web Ofisi for the Rent a Car v3 application without delay.

Proactive Monitoring: Audit database logs for unusual activity related to the rental listing tables and monitor for SQL error spikes.

Compensating Controls: Deploy a WAF to filter out malicious SQL injection attempts targeting the 'klima' parameter.

Exploitation status

Public Exploit Available: false

Analyst recommendation

The ability for an unauthenticated user to interact with the database is a critical security failure. We strongly recommend immediate patching and a review of the application's overall security posture to ensure no other parameters are similarly exposed.