Online Time Table Generator
CVEs (5)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-70147 | 0.00 | — | 0.00 | Feb 18, 2026 | Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session. | |||
| CVE-2025-70146 | 0.00 | — | 0.01 | Feb 18, 2026 | Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via direct HTTP requests to affected endpoints without a valid session. | |||
| CVE-2025-5008 | 0.00 | — | 0.00 | May 20, 2025 | A vulnerability was found in projectworlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_teacher.php. The manipulation of the argument e leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | |||
| CVE-2025-5004 | 0.00 | — | 0.00 | May 20, 2025 | A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add_course.php. The manipulation of the argument c/subname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||
| CVE-2025-5003 | 0.00 | — | 0.00 | May 20, 2025 | A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /semester_ajax.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. |
- CVE-2025-70147Feb 18, 2026risk 0.00cvss —epss 0.00
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session.
- CVE-2025-70146Feb 18, 2026risk 0.00cvss —epss 0.01
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via direct HTTP requests to affected endpoints without a valid session.
- CVE-2025-5008May 20, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in projectworlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_teacher.php. The manipulation of the argument e leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
- CVE-2025-5004May 20, 2025risk 0.00cvss —epss 0.00
A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add_course.php. The manipulation of the argument c/subname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
- CVE-2025-5003May 20, 2025risk 0.00cvss —epss 0.00
A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /semester_ajax.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.