Vulnerabilities > Projectworlds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-27 | CVE-2024-10423 | SQL Injection vulnerability in Projectworlds Student Project Allocation System 1.0 A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. | 9.8 |
| 2024-08-15 | CVE-2024-42843 | SQL Injection vulnerability in Projectworlds Online Examination System 1.0 Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. | 9.8 |
| 2024-06-14 | CVE-2024-36597 | SQL Injection vulnerability in Projectworlds Life Insurance Management System 1.0 Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php. | 8.8 |
| 2024-01-25 | CVE-2024-22922 | Improper Privilege Management vulnerability in Projectworlds Visitor Management System in PHP 1.0 An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php | 9.8 |
| 2024-01-19 | CVE-2024-0730 | SQL Injection vulnerability in Projectworlds Online Time Table Generator 1.0 A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. | 9.8 |
| 2024-01-19 | CVE-2024-0726 | Cross-site Scripting vulnerability in Projectworlds Student Project Allocation System 1.0 A vulnerability was found in Project Worlds Student Project Allocation System 1.0. | 6.1 |
| 2024-01-07 | CVE-2024-0262 | Cross-site Scripting vulnerability in Projectworlds Online JOB Portal 1.0 A vulnerability was found in Online Job Portal 1.0 and classified as problematic. | 4.8 |
| 2023-12-21 | CVE-2023-48685 | SQL Injection vulnerability in Projectworlds Railway Reservation System 1.0 Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 |
| 2023-12-21 | CVE-2023-48687 | SQL Injection vulnerability in Projectworlds Railway Reservation System 1.0 Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 |
| 2023-12-21 | CVE-2023-48689 | SQL Injection vulnerability in Projectworlds Railway Reservation System 1.0 Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 |