VYPR

Vendor CVEs

Projectworlds

All CVEs

200 total · sorted by risk
  • CVE-2025-3171Apr 3, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The manipulation of the argument unblock_id leads to sql injection. The attack can be initiated…

  • CVE-2025-3170Apr 3, 2025
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_user.php. The manipulation of the argument block_id/unblock_id leads to sql injection. It is possible to initiate the…

  • CVE-2025-3042Apr 1, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload. The attack can be initiated…

  • CVE-2025-3041Mar 31, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the argument pic leads to unrestricted upload. It is possible to initiate the attack…

  • CVE-2025-3040Mar 31, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_student.php. The manipulation of the argument pic leads to unrestricted upload. The attack may…

  • CVE-2025-2662Mar 23, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Project Worlds Online Time Table Generator 1.0. It has been classified as critical. Affected is an unknown function of the file student/studentdashboard.php. The manipulation of the argument course leads to sql injection. It is possible to launch the…

  • CVE-2025-2661Mar 23, 2025
    risk 0.00cvss epss 0.01

    A vulnerability was found in Project Worlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /staff/index.php. The manipulation of the argument e leads to sql injection. The attack may be initiated remotely. The…

  • CVE-2025-2660Mar 23, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in Project Worlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument e leads to sql injection. The attack can be initiated remotely. The…

  • CVE-2025-2659Mar 23, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /student/index.php. The manipulation of the argument e leads to sql injection. It is possible to initiate the attack remotely.…

  • CVE-2025-2657Mar 23, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in projectworlds Apartment Visitors Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /front.php. The manipulation of the argument rid leads to sql injection. The attack can be launched…

  • CVE-2025-2067Mar 7, 2025
    risk 0.00cvss epss 0.00

    A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The…

  • CVE-2025-2066Mar 7, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /updateAgent.php. The manipulation of the argument agent_id leads to sql injection. The attack can be initiated…

  • CVE-2025-2065Mar 7, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. The manipulation of the argument agent_id leads to sql injection. It is possible to initiate the attack…

  • CVE-2025-2064Mar 7, 2025
    risk 0.00cvss epss 0.00

    A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file /deletePayment.php. The manipulation of the argument recipt_no leads to sql injection. The…

  • CVE-2025-2063Mar 7, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deleteNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can…

  • CVE-2025-2062Mar 7, 2025
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The manipulation of the argument client_id leads to sql injection. It is possible to launch the attack…

  • CVE-2024-12950Dec 26, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in code-projects/projectworlds Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the argument catid leads to sql injection. The attack may be initiated…

  • CVE-2024-11059Nov 10, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. It has been rated as critical. This issue affects some unknown processing of the file /online-shopping-webvsite-in-php-master/success.php. The manipulation of the argument id…

  • CVE-2024-51328Nov 4, 2024
    risk 0.00cvss epss 0.00

    Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter.

  • CVE-2024-51326Nov 4, 2024
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.

  • CVE-2024-51327Nov 4, 2024
    risk 0.00cvss epss 0.01

    SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.

  • CVE-2024-10735Nov 3, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be…

  • CVE-2024-10734Nov 3, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument recipt_no leads to sql injection. It is possible to initiate the…

  • CVE-2024-51060Oct 31, 2024
    risk 0.00cvss epss 0.00

    Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter.

  • CVE-2024-10447Oct 28, 2024
    risk 0.00cvss epss 0.00

    A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql…

  • CVE-2024-10446Oct 28, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. It is possible to…

  • CVE-2024-10433Oct 28, 2024
    risk 0.00cvss epss 0.00

    A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack…

  • CVE-2024-10432Oct 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql injection. The attack can…

  • CVE-2024-10425Oct 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /student/project_selection/move_up_project.php of the component Project Selection Page. The manipulation…

  • CVE-2024-10424Oct 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/project_selection/remove_project.php of the component Project Selection Page. The…

  • CVE-2024-10423Oct 27, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/project_selection/project_selection.php of the component Project Selection Page. The manipulation of the…

  • CVE-2024-45986Sep 26, 2024
    risk 0.00cvss epss 0.00

    A stored Cross-Site Scripting (XSS) vulnerability was identified in Projectworld Online Voting System 1.0 that occurs when an account is registered with a malicious javascript payload. The payload is stored and subsequently executed in the voter.php and profile.php pages…

  • CVE-2024-45987Sep 26, 2024
    risk 0.00cvss epss 0.00

    Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without…

  • CVE-2024-22983Feb 28, 2024
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.

  • CVE-2024-22922Jan 25, 2024
    risk 0.00cvss epss 0.01

    An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php

  • CVE-2024-0783Jan 22, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been…

  • CVE-2024-0730Jan 19, 2024
    risk 0.00cvss epss 0.01

    A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely.…

  • CVE-2024-0726Jan 19, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input…

  • CVE-2024-0650Jan 17, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input…

  • CVE-2024-0498Jan 13, 2024
    risk 0.00cvss epss 0.01

    A vulnerability was found in Project Worlds Lawyer Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can…

  • CVE-2024-0266Jan 7, 2024
    risk 0.00cvss epss 0.01

    A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch…

  • CVE-2023-44481Dec 21, 2023
    risk 0.00cvss epss 0.01

    Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45347Nov 2, 2023
    risk 0.00cvss epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45346Nov 2, 2023
    risk 0.00cvss epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45338Nov 2, 2023
    risk 0.00cvss epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45341Nov 2, 2023
    risk 0.00cvss epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45340Nov 2, 2023
    risk 0.00cvss epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45336Nov 2, 2023
    risk 0.00cvss epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45334Nov 2, 2023
    risk 0.00cvss epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.

  • CVE-2023-45323Nov 2, 2023
    risk 0.00cvss epss 0.01

    Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.