PT-2026-1547 · Projectworlds · House Rental/Property Listing
1Uzpk
·
Published
2026-01-06
·
Updated
2026-01-07
·
CVE-2026-0643
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
projectworlds House Rental and Property Listing version 1.0
Description
A flaw exists in projectworlds House Rental and Property Listing that allows for unrestricted file upload through manipulation of the
image argument in the file '/app/register.php?action=reg' within the Signup component. This manipulation occurs in an unknown function. Remote exploitation is possible, and an exploit has been published.Recommendations
Apply restrictions to the file upload functionality within the Signup component.
Disable or restrict access to the
/app/register.php?action=reg endpoint.Exploit
Fix
Unrestricted File Upload
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
House Rental/Property Listing