Vulnerabilities > Projectworlds > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-08-27 | CVE-2020-24203 | Forced Browsing vulnerability in Projectworlds Travel Management System 1.0 Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | 7.5 |
| 2020-08-27 | CVE-2020-24202 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds House Rental and Property Listing Project 1.0 File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. | 7.5 |
| 2020-04-06 | CVE-2020-11545 | SQL Injection vulnerability in Projectworlds Official CAR Rental System 1.0 Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt. | 7.5 |