A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
The severity of this vulnerability is classified as medium, with a CVSS score of 5.5. Organizations must understand its implications, as it could allow unauthorized file uploads, leading to potential remote execution of malicious code.
Risk to organizations includes unauthorized access to sensitive information and potential system compromise. Immediate attention is required to address this issue to prevent exploitation.
Organizations should prioritize patching immediately, as the exploit has already been published.
Vulnerability Details
The vulnerability is an unrestricted file upload flaw, which may lead to remote code execution. The CVSS score of 5.5 indicates a medium severity level, while a secondary score of 9.8 indicates critical severity under certain conditions. The affected product is projectworlds House Rental and Property Listing version 1.0, published on January 7, 2026.
The vulnerability is related to the following CWEs: CWE-284 (Improper Access Control) and CWE-434 (Unrestricted Upload of File with Dangerous Type).
Technical Analysis
The root cause of this vulnerability stems from improper validation of uploaded files, specifically in the handling of the argument image within the /app/register.php file. The attack vector is network-based with low complexity, requiring no privileges or user interaction to exploit.
The impact on confidentiality, integrity, and availability is assessed to be low, but the potential for abuse exists due to the unrestricted nature of file uploads.
Risk & Impact Analysis
Real-world exploitation of this vulnerability could lead to unauthorized access to and control over the affected systems, which attackers can use for data breaches or other malicious activities. The urgency for organizations to address this vulnerability is significant due to the low attack complexity and the potential for extensive damage.
The CVSS score of 5.5 suggests a medium risk rating, emphasizing the need for patches and remediation to mitigate the risk adequately.
| Signal | Status |
|---|---|
| Known Exploit | Yes |
| Public PoC | No |
| Actively Exploited | No |
| Ransomware Use | No |
Affected Versions
The affected product is projectworlds House Rental and Property Listing version 1.0. All versions prior to the vendor patch are vulnerable to this issue.
Mitigation & Remediation
To mitigate this vulnerability, organizations should apply the latest security patch from projectworlds immediately. If a patch is not available, implementing strict input validation on file uploads and restricting file types can help reduce exposure.
For ongoing security assessment, organizations should consider engaging in penetration testing to identify similar weaknesses in their systems.
Detection Guidance
Security teams should monitor logs for any unusual file upload attempts, especially those targeting the /app/register.php endpoint. Behavioral anomalies in user interactions can also indicate exploitation attempts.
AppSecure Threat Intelligence Insight
The long-term significance of this vulnerability is tied to the increasing trend of file upload vulnerabilities in web applications. It represents a common failure in input validation that can lead to serious security breaches.
Security teams should learn from this vulnerability, emphasizing the importance of implementing robust security measures during the development phase. Regular security assessments and updates are crucial.
Organizations looking to enhance their security posture can benefit from understanding common vulnerabilities and implementing best practices. For further guidance, consult our resources on vulnerability management programs and penetration testing methodologies to stay ahead of emerging threats.
By prioritizing these aspects, organizations can significantly reduce their risk exposure and enhance their overall security framework.
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
