Vulnerabilities > Projectworlds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-25 | CVE-2024-22922 | Improper Privilege Management vulnerability in Projectworlds Visitor Management System in PHP 1.0 An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php | 9.8 |
| 2024-01-19 | CVE-2024-0730 | SQL Injection vulnerability in Projectworlds Online Time Table Generator 1.0 A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. | 9.8 |
| 2024-01-07 | CVE-2024-0262 | Cross-site Scripting vulnerability in Projectworlds Online JOB Portal 1.0 A vulnerability was found in Online Job Portal 1.0 and classified as problematic. | 4.8 |
| 2023-12-21 | CVE-2023-48685 | SQL Injection vulnerability in Projectworlds Railway Reservation System 1.0 Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 |
| 2023-12-21 | CVE-2023-48687 | SQL Injection vulnerability in Projectworlds Railway Reservation System 1.0 Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 |
| 2023-12-21 | CVE-2023-48689 | SQL Injection vulnerability in Projectworlds Railway Reservation System 1.0 Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 |
| 2023-12-21 | CVE-2023-48716 | SQL Injection vulnerability in Projectworlds Student Result Management System 1.0 Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 |
| 2023-12-21 | CVE-2023-44481 | SQL Injection vulnerability in Projectworlds Leave Management System 1.0 Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
| 2023-12-21 | CVE-2023-44482 | SQL Injection vulnerability in Projectworlds Leave Management System 1.0 Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
| 2023-12-21 | CVE-2023-45120 | SQL Injection vulnerability in Projectworlds Online Examination System 1.0 Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |