CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
A vulnerability was identified in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. Manipulating the argument uname causes SQL injection. The attack can be carried out remotely. The exploit has been publicly disclosed and may be used.
Analysis
SQL injection in projectworlds Car Rental Project 1.0 login.php allows unauthenticated remote attackers to bypass authentication, extract sensitive database contents, and potentially modify or delete data via the 'uname' parameter. Publicly available exploit code exists (GitHub POC published), significantly lowering the barrier to exploitation. …
Remediation
Within 24 hours: Identify all systems running projectworlds Car Rental Project 1.0 and immediately isolate internet-facing instances or restrict access via firewall rules to trusted networks only. Within 7 days: Contact the projectworlds vendor for a security advisory and patch timeline; if no patch is provided, evaluate alternative car rental management solutions. …
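Where the application source can be changed locally, the code-level fix for this class of flaw is to bind uname as a query parameter instead of building the SQL string from it. The sketch below is an added example, not the project's code and not taken from the advisory: the `users` table, its columns, the function names and the in-memory SQLite database are all assumptions, since the real login.php is not shown on the page.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and helper names; the project's real login.php is not shown on the page.
function find_user(PDO $db, string $uname): ?array
{
    // uname is bound as data, so quotes or SQL keywords inside it
    // cannot change the structure of the statement.
    $stmt = $db->prepare('SELECT id, uname, pass_hash FROM users WHERE uname = :uname');
    $stmt->execute([':uname' => $uname]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function login(PDO $db, string $uname, string $pass): bool
{
    // Defence in depth: reject empty, oversized or control-character input early.
    if ($uname === '' || strlen($uname) > 64 || preg_match('/[\x00-\x1F\x7F]/', $uname)) {
        return false;
    }
    $user = find_user($db, $uname);
    if ($user === null) {
        return false;
    }
    // Compare against a stored password hash, never inside the SQL text.
    return password_verify($pass, $user['pass_hash']);
}

// Constructed demo data in an in-memory database (assumption, for illustration only).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, uname TEXT UNIQUE, pass_hash TEXT)');
$ins = $db->prepare('INSERT INTO users (uname, pass_hash) VALUES (?, ?)');
$ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// A valid login succeeds; a uname carrying quote characters is looked up
// as a literal string, matches no row, and is rejected.
$cases = [
    ['alice', 'correct horse'],
    ["alice' OR '1'='1", 'anything'],
    ['alice', 'wrong password'],
];
foreach ($cases as [$u, $p]) {
    printf("%-20s => %s\n", $u, login($db, $u, $p) ? 'accepted' : 'rejected');
}
```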
EUVD-2026-18482