VYPR

Vendor CVEs

Projectworlds

All CVEs

200 total · sorted by risk
  • CVE-2025-12862MedNov 7, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from…

  • CVE-2025-11426MedOct 8, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_book.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the…

  • CVE-2025-8247MedJul 28, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability classified as critical has been found in Projectworlds Online Admission System 1.0. This affects an unknown part of the file /admin.php. The manipulation of the argument markof leads to sql injection. It is possible to initiate the attack remotely. The exploit…

  • CVE-2025-6136MedJun 16, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack may be…

  • CVE-2025-6135MedJun 16, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /insertNominee.php. The manipulation of the argument client_id/nominee_id leads to sql injection. The attack can…

  • CVE-2025-6134MedJun 16, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /insertClient.php. The manipulation of the argument client_id leads to sql injection. It is possible to initiate the…

  • CVE-2025-6133MedJun 16, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be…

  • CVE-2026-5811MedApr 8, 2026
    risk 0.35cvss 5.4epss 0.00

    A vulnerability was identified in SourceCodester Online Food Ordering System 1.0. Affected by this issue is the function save_product of the file /Actions.php of the component POST Parameter Handler. Such manipulation of the argument price leads to business logic errors. The…

  • CVE-2026-30527MedMar 27, 2026
    risk 0.35cvss 5.4epss 0.00

    A Stored Cross-Site Scripting (XSS) vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Category management module within the admin panel. The application fails to properly sanitize user input supplied to the "Category Name" field when creating or…

  • CVE-2025-11103MedSep 28, 2025
    risk 0.31cvss 4.7epss 0.00

    A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be…

  • CVE-2026-4626LowMar 24, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability has been found in projectworlds Lawyer Management System 1.0. This impacts an unknown function of the file /lawyer_booking.php. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been…

  • CVE-2026-4596LowMar 23, 2026
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was identified in projectworlds Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyers.php. The manipulation of the argument first_Name leads to cross site scripting. The attack may be initiated remotely. The exploit is…

  • CVE-2026-1700LowJan 30, 2026
    risk 0.23cvss 3.5epss 0.00

    A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The…

  • CVE-2025-12227LowOct 27, 2025
    risk 0.23cvss 3.5epss 0.00

    A vulnerability was determined in projectworlds Gate Pass Management System 1.0. The affected element is an unknown function of the file /add-pass.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly…

  • CVE-2026-0642LowJan 7, 2026
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit…

  • CVE-2025-12231LowOct 27, 2025
    risk 0.16cvss 2.4epss 0.00

    A security vulnerability has been detected in projectworlds Expense Management System 1.0. Affected is an unknown function of the file /public/admin/expense_categories/create of the component Expense Categories Page. Such manipulation leads to cross site scripting. It is…

  • CVE-2025-12230LowOct 27, 2025
    risk 0.16cvss 2.4epss 0.00

    A weakness has been identified in projectworlds Expense Management System 1.0. This impacts an unknown function of the file /public/admin/currencies/create of the component Currency Page. This manipulation causes cross site scripting. It is possible to initiate the attack…

  • CVE-2025-12229LowOct 27, 2025
    risk 0.16cvss 2.4epss 0.00

    A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The…

  • CVE-2025-12228LowOct 27, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was identified in projectworlds Expense Management System 1.0. The impacted element is an unknown function of the file /public/admin/users/create of the component Users Page. The manipulation leads to cross site scripting. The attack is possible to be carried out…

  • CVE-2025-11425LowOct 8, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /edit_admin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The…

  • CVE-2025-11067LowSep 27, 2025
    risk 0.16cvss 2.4epss 0.00

    A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is…

  • CVE-2021-45835Mar 18, 2022
    risk 0.02cvss epss 0.03

    The Online Admission System 1.0 allows an unauthenticated attacker to upload or transfer files of dangerous types to the application through documents.php, which may be used to execute malicious code or lead to code execution.

  • CVE-2021-37372Oct 26, 2021
    risk 0.01cvss epss 0.03

    Online Student Admission System 1.0 is affected by an insecure file upload vulnerability. A low privileged user can upload malicious PHP files by updating their profile image to gain remote code execution.

  • CVE-2026-30531Mar 27, 2026
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_category action). The application fails to properly sanitize user input supplied to the "name" parameter. This allows an authenticated attacker…

  • CVE-2026-30532Mar 27, 2026
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/view_product.php file via the "id" parameter.

  • CVE-2026-30533Mar 27, 2026
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the admin/manage_product.php file via the "id" parameter.

  • CVE-2026-30530Mar 27, 2026
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_customer action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an attacker to inject…

  • CVE-2026-30529Mar 27, 2026
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in the Actions.php file (specifically the save_user action). The application fails to properly sanitize user input supplied to the "username" parameter. This allows an authenticated attacker…

  • CVE-2026-30534Mar 27, 2026
    risk 0.00cvss epss 0.00

    A SQL Injection vulnerability exists in SourceCodester Online Food Ordering System v1.0 in admin/manage_category.php via the "id" parameter.

  • CVE-2025-70147Feb 18, 2026
    risk 0.00cvss epss 0.00

    Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a…

  • CVE-2025-70146Feb 18, 2026
    risk 0.00cvss epss 0.00

    Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via direct HTTP requests to affected…

  • CVE-2025-60311Oct 8, 2025
    risk 0.00cvss epss 0.00

    ProjectWorlds Gym Management System1.0 is vulnerable to SQL Injection via the "id" parameter in the profile/edit.php page

  • CVE-2025-5008May 20, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in projectworlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_teacher.php. The manipulation of the argument e leads to sql injection. The attack may be…

  • CVE-2025-5004May 20, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add_course.php. The manipulation of the argument c/subname leads to sql injection. The attack may be initiated…

  • CVE-2025-5003May 20, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /semester_ajax.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely.…

  • CVE-2025-4936May 19, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack…

  • CVE-2025-4932May 19, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown functionality of the file /lawyer_registation.php. The manipulation of the argument email leads to sql injection. The…

  • CVE-2025-4931May 19, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in projectworlds Online Lawyer Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /user_registation.php. The manipulation of the argument email leads to sql injection. The attack can be…

  • CVE-2025-4928May 19, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in projectworlds Online Lawyer Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /save_lawyer_edit_profile.php. The manipulation leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2025-4837May 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the argument mem1/mem2/mem3 leads to sql injection. It is possible to initiate the…

  • CVE-2025-4836May 17, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /deleteAgent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be…

  • CVE-2025-4739May 16, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in projectworlds Hospital Database Management System 1.0. It has been classified as critical. This affects an unknown part of the file /medicines_info.php. The manipulation of the argument Med_ID leads to sql injection. It is possible to initiate the…

  • CVE-2025-4482May 9, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in Project Worlds Student Project Allocation System 1.0. Affected by this vulnerability is an unknown functionality of the file /change_pass/forgot_password_sql.php. The manipulation of the argument Pat_BloodGroup1 leads to sql…

  • CVE-2025-4457May 9, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical was found in Project Worlds Car Rental Project 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/approve.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely.…

  • CVE-2025-4456May 9, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Project Worlds Car Rental Project 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument fname leads to sql injection. It is possible to launch the attack remotely. The exploit has…

  • CVE-2025-3176Apr 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Project Worlds Online Lawyer Management System 1.0. It has been classified as critical. This affects an unknown part of the file /single_lawyer.php. The manipulation of the argument u_id leads to sql injection. It is possible to initiate the attack…

  • CVE-2025-3175Apr 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /save_user_edit_profile.php. The manipulation of the argument first_Name leads to sql injection. The…

  • CVE-2025-3174Apr 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /searchLawyer.php. The manipulation of the argument experience leads to sql injection. The…

  • CVE-2025-3173Apr 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation of the argument lawyer_id/description leads to sql injection. It is possible to…

  • CVE-2025-3172Apr 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in Project Worlds Online Lawyer Management System 1.0. This issue affects some unknown processing of the file /lawyer_booking.php. The manipulation of the argument unblock_id leads to sql injection. The attack may…