Vulnerabilities > Projectworlds > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-12-22 | CVE-2021-43157 | SQL Injection vulnerability in Projectworlds Online Shopping System in PHP 1.0 Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. | 9.8 |
| 2021-12-22 | CVE-2021-43628 | SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. | 9.8 |
| 2021-12-22 | CVE-2021-43629 | SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. | 9.8 |
| 2021-12-22 | CVE-2021-43631 | SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. | 9.8 |
| 2021-05-06 | CVE-2020-19107 | SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | 9.8 |
| 2021-05-06 | CVE-2020-19108 | SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. | 9.8 |
| 2021-05-06 | CVE-2020-19109 | SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. | 9.8 |
| 2021-05-06 | CVE-2020-19110 | SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code. | 9.8 |
| 2021-05-06 | CVE-2020-19111 | Improper Authentication vulnerability in Projectworlds Online Book Store Project in PHP 1.0 Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information. | 9.8 |
| 2021-05-06 | CVE-2020-19112 | SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0 SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. | 9.8 |