Vulnerabilities > Projectworlds
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-04-06 | CVE-2020-11545 | SQL Injection vulnerability in Projectworlds Official CAR Rental System 1.0 Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt. | 9.8 |
2020-04-06 | CVE-2020-11544 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Official CAR Rental System 1.0 An issue was discovered in Project Worlds Official Car Rental System 1. | 7.2 |