Vulnerabilities > Projectworlds > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-21 | CVE-2023-45119 | Unspecified vulnerability in Projectworlds Online Examination System 1.0: Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
2023-10-27 | CVE-2023-44480 | Unspecified vulnerability in Projectworlds Leave Management System 1.0: Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
2023-09-28 | CVE-2023-43014 | SQL Injection vulnerability in Projectworlds Asset Management System 1.0: Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of the user.php page, allowing an authenticated attacker to dump all the contents of the database. | 8.8 |
2023-09-28 | CVE-2023-43740 | Unspecified vulnerability in Projectworlds Online Book Store Project 1.0: Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 |
2023-09-28 | CVE-2023-5185 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds GYM Management System Project 1.0: Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 |
2022-02-03 | CVE-2021-44866 | SQL Injection vulnerability in Projectworlds Online Movie Ticket Booking System 1.0: An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. | 7.5 |
2021-12-22 | CVE-2021-43630 | SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0: Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. | 8.8 |
2020-12-23 | CVE-2020-27397 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Online Matrimonial Project 1.0: Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the hosting web server via uploading a maliciously crafted PHP file. | 8.8 |
2020-09-30 | CVE-2020-25760 | SQL Injection vulnerability in Projectworlds Visitor Management System in PHP 1.0: Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. | 8.8 |
2020-04-06 | CVE-2020-11544 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Official CAR Rental System 1.0: An issue was discovered in Project Worlds Official Car Rental System 1. | 7.2 |