| CVE-2025-9047 | Hig | 0.47 | 7.3 | 0.00 | | Aug 15, 2025 | A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-8948 | Hig | 0.47 | 7.3 | 0.00 | | Aug 14, 2025 | A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-8947 | Hig | 0.47 | 7.3 | 0.00 | | Aug 14, 2025 | A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. |
| CVE-2025-11067 | Low | 0.16 | 2.4 | 0.00 | | Sep 27, 2025 | A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. |
