Vulnerabilities > Projectworlds > Leave Management System > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-21 CVE-2023-44481 SQL Injection vulnerability in Projectworlds Leave Management System 1.0
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
network
low complexity
projectworlds CWE-89
8.8
8.8
2023-12-21 CVE-2023-44482 SQL Injection vulnerability in Projectworlds Leave Management System 1.0
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
network
low complexity
projectworlds CWE-89
8.8
8.8
2023-10-27 CVE-2023-44480 SQL Injection vulnerability in Projectworlds Leave Management System 1.0
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
network
low complexity
projectworlds CWE-89
8.8
8.8