← Back

Car Rental Project

car_rental_project

Vendor: Projectworlds • 4 CVEs

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2026-5368
1Projectworlds
1Car Rental Project
Apr 29, 2026
Apr 2, 2026
5.5 MEDIUM· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname cause...Show more
A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.Show less
CVE-2025-4457
1Projectworlds
1Car Rental Project
Jul 11, 2025
May 9, 2025
6.9 MEDIUM· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID le...Show more
A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.Show less
CVE-2025-4456
1Projectworlds
1Car Rental Project
Jul 11, 2025
May 9, 2025
6.9 MEDIUM· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It i...Show more
A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.Show less
CVE-2020-24199
1Projectworlds
1Car Rental Project
Nov 21, 2024
Sep 9, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.