GCVE - cpe:2.3:a:projectworlds:car_rental

Approved changes feed: RSS · Atom

cpe:2.3:a:projectworlds:car_rental_project:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor	Projectworlds (`1c49ba31-3767-5ff6-9610-c6dcb2aee835`)
Product	Car Rental Project (`0ad304bb-e5d4-5d42-bcdd-764c0249670b`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2026-5368`	vulnerable	2026-06-03 15:26:27.080448	projectworlds Car Rental Project Parameter login.php sql injection HIGH (7.3) A vulnerability was determined in projectworlds Car Rental Project 1.0. The affected element is an unknown function of the file /login.php of the component Parameter Handler. This manipulation of the argument uname causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized. Published: 2026-04-02T17:15:13.177Z Updated: 2026-04-02T17:44:32.432Z Open on db.gcve.eu Reference links https://vuldb.com/vuln/354746 https://vuldb.com/vuln/354746/cti https://vuldb.com/submit/781665 https://github.com/eqiya17/collection-of-vulnerabilities/issues/5	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-4457`	vulnerable	2026-06-03 15:01:47.705774	Project Worlds Car Rental Project approve.php sql injection HIGH (7.3) A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Published: 2025-05-09T03:00:07.953Z Updated: 2025-05-09T03:29:20.193Z Open on db.gcve.eu Reference links https://vuldb.com/?id.308071 https://vuldb.com/?ctiid.308071 https://vuldb.com/?submit.565445 https://github.com/3507998897/myCVE/issues/8	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-4456`	vulnerable	2026-06-03 15:01:47.705117	Project Worlds Car Rental Project signup.php sql injection HIGH (7.3) A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. Published: 2025-05-09T03:00:06.099Z Updated: 2025-05-09T03:30:40.804Z Open on db.gcve.eu Reference links https://vuldb.com/?id.308070 https://vuldb.com/?ctiid.308070 https://vuldb.com/?submit.565441 https://github.com/3507998897/myCVE/issues/7	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-24199`	vulnerable	2026-06-03 14:42:05.997676	Details available Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. Published: 2020-09-09T14:16:57.000Z Updated: 2024-08-04T15:05:12.054Z Open on db.gcve.eu Reference links https://projectworlds.in/free-projects/php-projects/car-rental-project-in-php-and-mysql/ https://github.com/hyd3sec/CarRentalManagement-Unauth-RCE-WebApp https://github.com/hyd3sec/CarRentalManagement-Unauth-RCE-WebApp/blob/master/CarRental-Unauth-RCE.py	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Projectworlds Car Rental Project 1.0

PURL mappings

Vulnerability references

Contribute