Vendor CVEs
Projectworlds
All CVEs
200 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-45019 | 0.00 | — | 0.01 | Nov 2, 2023 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'category' parameter of the category.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-45018 | 0.00 | — | 0.01 | Nov 2, 2023 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the includes/login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-45015 | 0.00 | — | 0.01 | Nov 2, 2023 | Online Bus Booking System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'date' parameter of the bus_info.php resource does not validate the characters received and they are sent unfiltered to the database. | |||
| CVE-2023-44484 | 0.00 | — | 0.00 | Oct 31, 2023 | Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the… | |||
| CVE-2023-5053 | 0.00 | — | 0.01 | Sep 28, 2023 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | |||
| CVE-2023-5004 | 0.00 | — | 0.01 | Sep 28, 2023 | Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | |||
| CVE-2023-43144 | 0.00 | — | 0.01 | Sep 22, 2023 | Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. | |||
| CVE-2023-3694 | 0.00 | — | 0.01 | Jul 16, 2023 | A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /index.php. The manipulation of the argument keywords/location leads to sql injection.… | |||
| CVE-2023-3693 | 0.00 | — | 0.01 | Jul 16, 2023 | A vulnerability classified as critical was found in SourceCodester Life Insurance Management System 1.0. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The… | |||
| CVE-2023-37152 | 0.00 | — | 0.02 | Jul 10, 2023 | Projectworlds Online Art Gallery Project 1.0 allows unauthenticated users to perform arbitrary file uploads via the adminHome.php page. Note: This has been disputed as not a valid vulnerability. | |||
| CVE-2023-3165 | 0.00 | — | 0.01 | Jun 8, 2023 | A vulnerability was found in SourceCodester Life Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file insertNominee.php of the component POST Parameter Handler. The manipulation of the… | |||
| CVE-2023-1432 | 0.00 | — | 0.01 | Mar 16, 2023 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /fos/admin/ajax.php?action=save_settings of the component POST Request Handler. The manipulation leads to… | |||
| CVE-2023-24191 | 0.00 | — | 0.00 | Feb 6, 2023 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in signup.php. | |||
| CVE-2023-24192 | 0.00 | — | 0.00 | Feb 6, 2023 | Online Food Ordering System v2 was discovered to contain a cross-site scripting (XSS) vulnerability via the redirect parameter in login.php. | |||
| CVE-2023-24197 | 0.00 | — | 0.00 | Feb 6, 2023 | Online Food Ordering System v2 was discovered to contain a SQL injection vulnerability via the id parameter at view_order.php. | |||
| CVE-2020-29297 | 0.00 | — | 0.01 | Jan 20, 2023 | Multiple SQL Injection vulnerabilities in tourist5 Online-food-ordering-system 1.0. | |||
| CVE-2023-0332 | 0.00 | — | 0.01 | Jan 17, 2023 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been classified as critical. Affected is an unknown function of the file admin/manage_user.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack… | |||
| CVE-2023-0305 | 0.00 | — | 0.01 | Jan 15, 2023 | A vulnerability classified as critical was found in SourceCodester Online Food Ordering System. This vulnerability affects unknown code of the file admin_class.php of the component Login Module. The manipulation of the argument username leads to sql injection. The attack can be… | |||
| CVE-2023-0304 | 0.00 | — | 0.01 | Jan 15, 2023 | A vulnerability classified as critical has been found in SourceCodester Online Food Ordering System. This affects an unknown part of the file admin_class.php of the component Signup Module. The manipulation of the argument email leads to sql injection. It is possible to initiate… | |||
| CVE-2023-0303 | 0.00 | — | 0.01 | Jan 15, 2023 | A vulnerability was found in SourceCodester Online Food Ordering System. It has been rated as critical. Affected by this issue is some unknown functionality of the file view_prod.php. The manipulation of the argument id leads to sql injection. The attack may be launched… | |||
| CVE-2023-0258 | 0.00 | — | 0.00 | Jan 12, 2023 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Category List Handler. The manipulation of the argument Reason with the input… | |||
| CVE-2023-0257 | 0.00 | — | 0.01 | Jan 12, 2023 | A vulnerability was found in SourceCodester Online Food Ordering System 2.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fos/admin/index.php?page=menu of the component Menu Form. The manipulation of the argument Image… | |||
| CVE-2022-33880 | 0.00 | — | 0.01 | Sep 29, 2022 | hms-staff.php in Projectworlds Hospital Management System Mini-Project through 2018-06-17 allows SQL injection via the type parameter. | |||
| CVE-2022-2767 | 0.00 | — | 0.00 | Aug 11, 2022 | A vulnerability classified as problematic has been found in SourceCodester Online Admission System. This affects an unknown part of the file /index.php. The manipulation of the argument student_add leads to cross site scripting. It is possible to initiate the attack remotely.… | |||
| CVE-2022-2681 | 0.00 | — | 0.00 | Aug 5, 2022 | A vulnerability classified as problematic was found in SourceCodester Online Student Admission System. Affected by this vulnerability is an unknown functionality of the file edit-profile.php of the component Student User Page. The manipulation with the input… | |||
| CVE-2022-2646 | 0.00 | — | 0.01 | Aug 4, 2022 | A vulnerability, which was classified as problematic, was found in SourceCodester Online Admission System. Affected is an unknown function of the file index.php. The manipulation of the argument eid with the input 8 leads to cross site scripting. It… | |||
| CVE-2022-2644 | 0.00 | — | 0.01 | Aug 4, 2022 | A vulnerability was found in SourceCodester Online Admission System and classified as critical. This issue affects some unknown processing of the component GET Parameter Handler. The manipulation of the argument eid leads to sql injection. The exploit has been disclosed to the… | |||
| CVE-2022-2643 | 0.00 | — | 0.01 | Aug 4, 2022 | A vulnerability has been found in SourceCodester Online Admission System and classified as critical. This vulnerability affects unknown code of the component POST Parameter Handler. The manipulation of the argument shift leads to sql injection. The attack can be initiated… | |||
| CVE-2021-46024 | 0.00 | — | 0.01 | Jan 23, 2022 | Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required. | |||
| CVE-2021-43157 | 0.00 | — | 0.01 | Dec 22, 2021 | Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. | |||
| CVE-2021-43158 | 0.00 | — | 0.00 | Dec 22, 2021 | In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart. | |||
| CVE-2021-43631 | 0.00 | — | 0.01 | Dec 22, 2021 | Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. | |||
| CVE-2021-43630 | 0.00 | — | 0.02 | Dec 22, 2021 | Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on… | |||
| CVE-2021-43629 | 0.00 | — | 0.01 | Dec 22, 2021 | Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. | |||
| CVE-2021-43628 | 0.00 | — | 0.01 | Dec 22, 2021 | Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. | |||
| CVE-2021-41644 | 0.00 | — | 0.02 | Oct 29, 2021 | Remote Code Execution (RCE) vulnerability exists in Sourcecodester Online Food Ordering System 2.0 via a maliciously crafted PHP file that bypasses the image upload filters. | |||
| CVE-2021-25208 | 0.00 | — | 0.02 | Jul 23, 2021 | Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php. | |||
| CVE-2021-25213 | 0.00 | — | 0.01 | Jul 22, 2021 | SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php. | |||
| CVE-2020-25408 | 0.00 | — | 0.01 | May 24, 2021 | A Cross-Site Request Forgery (CSRF) vulnerability exists in ProjectWorlds College Management System Php 1.0 that allows a remote attacker to modify, delete, or make a new entry of the student, faculty, teacher, subject, scores, location, and article data. | |||
| CVE-2020-25409 | 0.00 | — | 0.02 | May 24, 2021 | Projectsworlds College Management System Php 1.0 is vulnerable to SQL injection issues over multiple parameters. | |||
| CVE-2020-29285 | 0.00 | — | 0.01 | Dec 2, 2020 | SQL injection vulnerability was discovered in Point of Sales in PHP/PDO 1.0, which can be exploited via the id parameter to edit_category.php. | |||
| CVE-2020-25273 | 0.00 | — | 0.02 | Oct 8, 2020 | In SourceCodester Online Bus Booking System 1.0, there is Authentication bypass on the Admin Login screen in admin.php via username or password SQL injection. | |||
| CVE-2020-25272 | 0.00 | — | 0.01 | Oct 8, 2020 | In SourceCodester Online Bus Booking System 1.0, there is XSS through the name parameter in book_now.php. | |||
| CVE-2020-25761 | 0.00 | — | 0.02 | Sep 29, 2020 | Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies, sensitive… | |||
| CVE-2020-25760 | 0.00 | — | 0.02 | Sep 29, 2020 | Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. | |||
| CVE-2020-23833 | 0.00 | — | 0.04 | Sep 15, 2020 | Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. | |||
| CVE-2020-24203 | 0.00 | — | 0.04 | Aug 27, 2020 | Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | |||
| CVE-2020-24202 | 0.00 | — | 0.03 | Aug 27, 2020 | File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. | |||
| CVE-2020-11544 | 0.00 | — | 0.01 | Apr 6, 2020 | An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no… | |||
| CVE-2020-11545 | 0.00 | — | 0.02 | Apr 6, 2020 | Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to… | |||