PT-2026-29859 · Projectworlds · Car Rental Project

Wangyiqi

Published

2026-04-02

Updated

2026-04-02

CVE-2026-5368

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions projectworlds Car Rental Project version 1.0

Description A SQL injection issue exists in the Parameter Handler component of projectworlds Car Rental Project 1.0, specifically within the /login.php file. Manipulation of the uname argument can trigger this issue, allowing for remote exploitation. The exploit has been publicly disclosed.

Recommendations Update to a newer version of projectworlds Car Rental Project that addresses this SQL injection issue.

Exploit

Fix

SQL injection

Special Elements Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89CWE-74

Related Identifiers

CVE-2026-5368

Affected Products

Car Rental Project

PT-2026-29859 · Projectworlds · Car Rental Project

CVE-2026-5368

Weakness Enumeration

Related Identifiers

Affected Products

References · 6