Vulnerabilities > Projectworlds > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-21 | CVE-2023-45119 | SQL Injection vulnerability in Projectworlds Online Examination System 1.0. Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
2023-10-27 | CVE-2023-44480 | SQL Injection vulnerability in Projectworlds Leave Management System 1.0. Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | 8.8 |
2023-09-28 | CVE-2023-43014 | SQL Injection vulnerability in Projectworlds Asset Management System 1.0. Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of the user.php page, allowing an authenticated attacker to dump all the contents of the database. | 8.8 |
2023-09-28 | CVE-2023-43740 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Online Book Store Project 1.0. Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of the admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 |
2023-09-28 | CVE-2023-5185 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds GYM Management System Project 1.0. Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of the profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | 8.8 |
2022-01-23 | CVE-2021-46024 | SQL Injection vulnerability in Projectworlds Online-Shopping-Webvsite-In-PHP 1.0. Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php. No login is required. | 7.5 |
2021-12-22 | CVE-2021-43155 | SQL Injection vulnerability in Projectworlds Online Book Store Project in PHP 1.0. Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php. | 7.5 |
2021-12-22 | CVE-2021-43157 | SQL Injection vulnerability in Projectworlds Online Shopping System in PHP 1.0. Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. | 7.5 |
2021-12-22 | CVE-2021-43628 | SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0. Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. | 7.5 |
2021-12-22 | CVE-2021-43629 | SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0. Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. | 7.5 |