Vulnerabilities > Projectworlds

DATE CVE VULNERABILITY TITLE RISK
2021-05-17 CVE-2020-29205 Cross-site Scripting vulnerability in Projectworlds Travel Management System 1.0
XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field
4.3
2021-05-06 CVE-2020-19114 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
2021-05-06 CVE-2020-19113 Unrestricted Upload of File with Dangerous Type vulnerability in PHP 1.0
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
network
low complexity
projectworlds CWE-434
7.5
2021-05-06 CVE-2020-19112 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
2021-05-06 CVE-2020-19111 Improper Privilege Management vulnerability in PHP 1.0
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.
network
low complexity
projectworlds CWE-269
7.5
2021-05-06 CVE-2020-19110 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
2021-05-06 CVE-2020-19109 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
2021-05-06 CVE-2020-19108 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
2021-05-06 CVE-2020-19107 SQL Injection vulnerability in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
7.5
2020-12-23 CVE-2020-27397 Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Online Matrimonial Project 1.0
Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file.
network
low complexity
projectworlds CWE-434
6.5