High severity7.3NVD Advisory· Published Jan 7, 2026· Updated Apr 29, 2026
CVE-2026-0643
CVE-2026-0643
Description
A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
Affected products
2cpe:2.3:a:projectworlds:house_rental_and_property_listing_project:1.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:projectworlds:house_rental_and_property_listing_project:1.0:*:*:*:*:*:*:*
- (no CPE)range: = 1.0
Patches
Vulnerability mechanics
References
4- github.com/1uzpk/cve/issues/4nvdExploitIssue TrackingThird Party Advisory
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdThird Party AdvisoryVDB Entry
- vuldb.comnvdPermissions RequiredVDB Entry
News mentions
0No linked articles in our index yet.