UNKNOWNCVE-2026-5645

projectworlds Car Rental System Parameter pay.php sql injection

Platform

php

Component

projectworlds-car-rental-system

A weakness has been identified in projectworlds Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /pay.php of the component Parameter Handler. Executing a manipulation of the argument mpesa can lead to sql injection. The attack can be launched remotely. The exploit has been made available to the public and could be used for attacks.

How to fix

Actualice el sistema Car Rental System a una versión corregida.  Revise y sanee la entrada de datos en el parámetro 'mpesa' en el archivo /pay.php para prevenir inyecciones SQL. Implemente validación y escape adecuados para evitar la ejecución de código SQL malicioso.

Monitor your dependencies automatically

Get notified when new vulnerabilities affect your projects. Free forever.

Start free