Vulnerabilities > Projectworlds
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-02 | CVE-2023-45342 | Unspecified vulnerability in Projectworlds Online Food Ordering System 1.0 Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. | 9.8 |
| 2023-10-27 | CVE-2023-44480 | Unspecified vulnerability in Projectworlds Leave Management System 1.0 Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
| 2023-09-28 | CVE-2023-43014 | SQL Injection vulnerability in Projectworlds Asset Management System 1.0 Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. | 8.8 |
| 2023-09-28 | CVE-2023-44163 | SQL Injection vulnerability in Projectworlds Online Movie Ticket Booking System 1.0 The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 |
| 2023-09-28 | CVE-2023-44164 | SQL Injection vulnerability in Projectworlds Online Movie Ticket Booking System 1.0 The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 |
| 2023-09-28 | CVE-2023-44166 | SQL Injection vulnerability in Projectworlds Online Movie Ticket Booking System 1.0 The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | 9.8 |
| 2023-09-28 | CVE-2023-44174 | Cross-site Scripting vulnerability in Projectworlds Online Movie Ticket Booking System 1.0 Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability. | 5.4 |
| 2023-09-28 | CVE-2023-43013 | SQL Injection vulnerability in Projectworlds Asset Management System 1.0 Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | 9.8 |
| 2023-09-28 | CVE-2023-43740 | Unspecified vulnerability in Projectworlds Online Book Store Project 1.0 Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 |
| 2023-09-28 | CVE-2023-44173 | Cross-site Scripting vulnerability in Projectworlds Online Movie Ticket Booking System 1.0 Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. | 5.4 |