| CVE-2026-0643 | Hig | 0.47 | 7.3 | 0.00 | | Jan 7, 2026 | A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used. |
| CVE-2026-1700 | Low | 0.23 | 3.5 | 0.00 | | Jan 30, 2026 | A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks. |
| CVE-2026-0642 | Low | 0.16 | 2.4 | 0.00 | | Jan 7, 2026 | A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. |
