Vulnerabilities > Projectworlds

DATE CVE VULNERABILITY TITLE RISK
2021-05-06 CVE-2020-19113 Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Online Book Store Project in PHP 1.0
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
network
low complexity
projectworlds CWE-434
critical
9.8
2021-05-06 CVE-2020-19114 SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
network
low complexity
projectworlds CWE-89
critical
9.8
2020-12-23 CVE-2020-27397 Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Online Matrimonial Project 1.0
Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file.
network
low complexity
projectworlds CWE-434
8.8
2020-09-30 CVE-2020-25761 Cross-site Scripting vulnerability in Projectworlds Visitor Management System in PHP 1.0
Projectworlds Visitor Management System in PHP 1.0 allows XSS.
network
low complexity
projectworlds CWE-79
6.1
2020-09-30 CVE-2020-25760 SQL Injection vulnerability in Projectworlds Visitor Management System in PHP 1.0
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection.
network
low complexity
projectworlds CWE-89
8.8
2020-09-15 CVE-2020-23833 SQL Injection vulnerability in Projectworlds House Rental 1.0
Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request.
network
low complexity
projectworlds CWE-89
critical
9.8
2020-09-09 CVE-2020-24199 Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds CAR Rental Project 1.0
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.
network
low complexity
projectworlds CWE-434
critical
9.8
2020-08-27 CVE-2020-24203 Forced Browsing vulnerability in Projectworlds Travel Management System 1.0
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.
network
low complexity
projectworlds CWE-425
critical
9.8
2020-08-27 CVE-2020-24202 Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds House Rental and Property Listing Project 1.0
File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution.
network
low complexity
projectworlds CWE-434
critical
9.8
2020-04-06 CVE-2020-11545 SQL Injection vulnerability in Projectworlds Official CAR Rental System 1.0
Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt.
network
low complexity
projectworlds CWE-89
critical
9.8