Vulnerabilities > Projectworlds

DATE	CVE	VULNERABILITY TITLE	RISK
2021-12-22	CVE-2021-43156	Cross-Site Request Forgery (CSRF) vulnerability in Projectworlds Online Book Store Project in PHP 1.0 In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. network low complexity projectworlds CWE-352	6.5
2021-12-22	CVE-2021-43157	SQL Injection vulnerability in Projectworlds Online Shopping System in PHP 1.0 Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. network low complexity projectworlds CWE-89 critical	9.8
2021-12-22	CVE-2021-43158	Cross-Site Request Forgery (CSRF) vulnerability in Projectworlds Online Shopping System in PHP 1.0 In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart. network low complexity projectworlds CWE-352	4.3
2021-12-22	CVE-2021-43628	SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. network low complexity projectworlds CWE-89 critical	9.8
2021-12-22	CVE-2021-43629	SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. network low complexity projectworlds CWE-89 critical	9.8
2021-12-22	CVE-2021-43630	SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. network low complexity projectworlds CWE-89	8.8
2021-12-22	CVE-2021-43631	SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. network low complexity projectworlds CWE-89 critical	9.8
2021-05-17	CVE-2020-29205	Cross-site Scripting vulnerability in Projectworlds Travel Management System 1.0 XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field network low complexity projectworlds CWE-79	6.1
2021-05-06	CVE-2020-19107	SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. network low complexity projectworlds CWE-89 critical	9.8
2021-05-06	CVE-2020-19108	SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. network low complexity projectworlds CWE-89 critical	9.8

Vulnerabilities > Projectworlds {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Projectworlds"}]}

Vulnerabilities > Projectworlds