Filtered by vendor Projectworlds
Subscribe
Total
217 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-45325 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45323 | 1 Projectworlds | 1 Online Food Ordering System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-45203 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
|
|||||
| CVE-2023-45202 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
|
|||||
| CVE-2023-45201 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
|
|||||
| CVE-2023-44484 | 1 Projectworlds | 1 Online Blood Donation Management System | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
|
|||||
| CVE-2023-44482 | 1 Projectworlds | 1 Leave Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-44481 | 1 Projectworlds | 1 Leave Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-44480 | 1 Projectworlds | 1 Leave Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-44267 | 1 Projectworlds | 1 Online Art Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
|
|||||
| CVE-2023-44174 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Online Movie Ticket Booking System v1.0 is vulnerable to
an authenticated Stored Cross-Site Scripting vulnerability.
|
|||||
| CVE-2023-44173 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Online Movie Ticket Booking System v1.0 is vulnerable to
an authenticated Reflected Cross-Site Scripting vulnerability.
|
|||||
| CVE-2023-44166 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The 'age' parameter of the process_registration.php resource
does not validate the characters received and they
are sent unfiltered to the database.
|
|||||
| CVE-2023-44164 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The 'Email' parameter of the process_login.php resource
does not validate the characters received and they
are sent unfiltered to the database.
|
|||||
| CVE-2023-44163 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
The 'search' parameter of the process_search.php resource
does not validate the characters received and they
are sent unfiltered to the database.
|
|||||
| CVE-2023-43740 | 1 Projectworlds | 1 Online Book Store Project | 2024-11-21 | N/A | 8.8 HIGH |
|
Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of
admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting
the application.
|
|||||
| CVE-2023-43144 | 1 Projectworlds | 1 Asset Management System Project In Php | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.
|
|||||
| CVE-2023-43014 | 1 Projectworlds | 1 Asset Management System | 2024-11-21 | N/A | 8.8 HIGH |
|
Asset Management System v1.0 is vulnerable to
an Authenticated SQL Injection vulnerability
on the 'first_name' and 'last_name' parameters
of user.php page, allowing an authenticated
attacker to dump all the contents of the database
contents.
|
|||||
| CVE-2023-43013 | 1 Projectworlds | 1 Asset Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Asset Management System v1.0 is vulnerable to an
unauthenticated SQL Injection vulnerability on the
'email' parameter of index.php page, allowing an
external attacker to dump all the contents of the
database contents and bypass the login control.
|
|||||
| CVE-2021-46307 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.
|
|||||
| CVE-2021-46024 | 1 Projectworlds | 1 Online-shopping-webvsite-in-php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required.
|
|||||
| CVE-2021-45852 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.
|
|||||
| CVE-2021-44866 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.
|
|||||
| CVE-2021-43631 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php.
|
|||||
| CVE-2021-43630 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server.
|
|||||
| CVE-2021-43629 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.
|
|||||
| CVE-2021-43628 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.
|
|||||
| CVE-2021-43156 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.
|
|||||
| CVE-2021-43155 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.
|
|||||
| CVE-2020-29205 | 1 Projectworlds | 1 Travel Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field
|
|||||
| CVE-2020-27397 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file.
|
|||||
| CVE-2020-24203 | 1 Projectworlds | 1 Travel Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.
|
|||||
| CVE-2020-24202 | 1 Projectworlds | 1 House Rental And Property Listing Project | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution.
|
|||||
| CVE-2020-24199 | 1 Projectworlds | 1 Car Rental Project | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.
|
|||||
| CVE-2020-23833 | 1 Projectworlds | 1 House Rental | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request.
|
|||||
| CVE-2020-19114 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.
|
|||||
| CVE-2020-19113 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.
|
|||||
| CVE-2020-19112 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.
|
|||||
| CVE-2020-19111 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.
|
|||||
| CVE-2020-19110 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.
|
|||||