CVE-2026-5634

EUVD-2026-19200
A vulnerability was identified in projectworlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /book_car.php of the component Parameter Handler. The manipulation of the argument fname leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
VulDBCNA
7.3 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
projectworldscar_rental_project
1.0
CNA
Common Weakness Enumeration
References
https://github.com/eqiya17/collection-of-vulnerabilities/issues/12
https://vuldb.com/submit/785863
https://vuldb.com/vuln/355422
https://vuldb.com/vuln/355422/cti