A SQL injection vulnerability was discovered in projectworlds Car Rental Project version 1.0. The vulnerability affects the Parameter Handler component in the /login.php file, specifically through manipulation of the 'uname' argument. This flaw allows for remote exploitation and poses a significant security risk. The exploit details have been publicly disclosed and are available for use by attackers. The vulnerability enables unauthorized database access through SQL injection techniques. Organizations using this software should implement immediate security measures.