EUVD-2026-19203
GHSA-f92h-cvpr-77r6
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
4Description
A security vulnerability has been detected in projectworlds Car Rental System 1.0. This vulnerability affects unknown code of the file /message_admin.php of the component Parameter Handler. Such manipulation of the argument Message leads to sql injection. The attack may be launched remotely. The exploit has been disclosed publicly and may be used.
Analysis
SQL injection in projectworlds Car Rental System 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the Message parameter in /message_admin.php. Publicly available exploit code exists, significantly lowering the barrier to exploitation. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all instances of projectworlds Car Rental System 1.0 in production and development environments; isolate affected systems from public network access or disable the /message_admin.php endpoint via web application firewall rules. Within 7 days: Contact projectworlds vendor for patch availability timeline; if no patch is imminent, evaluate alternative car rental management systems or implement compensating controls. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today