Filtered by vendor Projectworlds
Subscriptions
Total
91 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-45201 | 1 Projectworlds | 1 Online Examination System | 2024-09-05 | 6.1 Medium |
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | ||||
CVE-2023-45202 | 1 Projectworlds | 1 Online Examination System | 2024-09-05 | 6.1 Medium |
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | ||||
CVE-2023-45203 | 1 Projectworlds | 1 Online Examination System | 2024-09-05 | 6.1 Medium |
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | ||||
CVE-2023-46800 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-09-04 | 9.8 Critical |
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
CVE-2023-45116 | 1 Projectworlds | 1 Online Examination System | 2024-08-27 | 9.8 Critical |
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
CVE-2024-42843 | 1 Projectworlds | 1 Online Examination System | 2024-08-19 | 9.8 Critical |
Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. | ||||
CVE-2024-36597 | 1 Projectworlds | 1 Life Insurance Management System | 2024-08-08 | 8.8 High |
Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php. | ||||
CVE-2020-29205 | 1 Projectworlds | 1 Travel Management System | 2024-08-04 | 6.1 Medium |
XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field | ||||
CVE-2020-27397 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-08-04 | 8.8 High |
Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file. | ||||
CVE-2020-25760 | 1 Projectworlds | 1 Visitor Management System In Php | 2024-08-04 | 8.8 High |
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. | ||||
CVE-2020-25761 | 1 Projectworlds | 1 Visitor Management System In Php | 2024-08-04 | 6.1 Medium |
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc. | ||||
CVE-2020-24202 | 1 Projectworlds | 1 House Rental And Property Listing Project | 2024-08-04 | 9.8 Critical |
File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. | ||||
CVE-2020-24203 | 1 Projectworlds | 1 Travel Management System | 2024-08-04 | 9.8 Critical |
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | ||||
CVE-2020-24199 | 1 Projectworlds | 1 Car Rental Project | 2024-08-04 | 9.8 Critical |
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | ||||
CVE-2020-23833 | 1 Projectworlds | 1 House Rental | 2024-08-04 | 9.8 Critical |
Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. | ||||
CVE-2020-19110 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-08-04 | 9.8 Critical |
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code. | ||||
CVE-2020-19109 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-08-04 | 9.8 Critical |
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code. | ||||
CVE-2020-19113 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-08-04 | 9.8 Critical |
Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution. | ||||
CVE-2020-19107 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-08-04 | 9.8 Critical |
SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | ||||
CVE-2020-19112 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-08-04 | 9.8 Critical |
SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. |