CVE-2026-5634

HIGH CVSS 7.3 View on NVD ↗

Description

A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /book_car.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

https://github.com/eqiya17/collection-of-vulnerabilities/issues/12
https://vuldb.com/submit/785863
https://vuldb.com/vuln/355422
https://vuldb.com/vuln/355422/cti

Published: Apr 06, 2026 08:16 UTC Modified: Apr 06, 2026 08:16 UTC