Vulnerabilities > Projectworlds > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-03-16 | CVE-2021-45852 | Always-Incorrect Control Flow Implementation vulnerability in Projectworlds Hospital Management System in PHP 1.0 An issue was discovered in Projectworlds Hospital Management System v1.0. | 5.0 |
| 2022-02-03 | CVE-2021-44866 | SQL Injection vulnerability in Projectworlds Online Movie Ticket Booking System 1.0 An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. | 5.0 |
| 2021-12-22 | CVE-2021-43156 | Cross-Site Request Forgery (CSRF) vulnerability in Projectworlds Online Book Store Project in PHP 1.0 In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. | 4.3 |
| 2021-12-22 | CVE-2021-43158 | Cross-Site Request Forgery (CSRF) vulnerability in Projectworlds Online Shopping System in PHP 1.0 In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart. | 4.3 |
| 2021-12-22 | CVE-2021-43630 | SQL Injection vulnerability in Projectworlds Hospital Management System in PHP 1.0 Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. | 6.5 |
| 2021-05-17 | CVE-2020-29205 | Cross-site Scripting vulnerability in Projectworlds Travel Management System 1.0 XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field | 4.3 |
| 2020-12-23 | CVE-2020-27397 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Online Matrimonial Project 1.0 Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file. | 6.5 |
| 2020-09-30 | CVE-2020-25761 | Cross-site Scripting vulnerability in PHP 1.0 Projectworlds Visitor Management System in PHP 1.0 allows XSS. | 4.3 |
| 2020-09-30 | CVE-2020-25760 | SQL Injection vulnerability in Projectworlds Visitor Management System in PHP 1.0 Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. | 6.5 |
| 2020-04-06 | CVE-2020-11544 | Unrestricted Upload of File with Dangerous Type vulnerability in Projectworlds Official CAR Rental System 1.0 An issue was discovered in Project Worlds Official Car Rental System 1. | 6.5 |