Filtered by vendor Projectworlds
Subscriptions
Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-19108 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-08-04 | 9.8 Critical |
| SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-19111 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-08-04 | 9.8 Critical |
| Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information. | ||||
| CVE-2020-19114 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-08-04 | 9.8 Critical |
| SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | ||||
| CVE-2020-11545 | 1 Projectworlds | 1 Official Car Rental System | 2024-08-04 | 9.8 Critical |
| Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt. | ||||
| CVE-2020-11544 | 1 Projectworlds | 1 Official Car Rental System | 2024-08-04 | 7.2 High |
| An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files. | ||||
| CVE-2021-46307 | 1 Projectworlds | 1 Online Examination System | 2024-08-04 | 9.8 Critical |
| An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. | ||||
| CVE-2021-46024 | 1 Projectworlds | 1 Online-shopping-webvsite-in-php | 2024-08-04 | 9.8 Critical |
| Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required. | ||||
| CVE-2021-45852 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-08-04 | 5.3 Medium |
| An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php. | ||||
| CVE-2021-44866 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-08-04 | 7.5 High |
| An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database. | ||||
| CVE-2021-43631 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-08-04 | 9.8 Critical |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. | ||||
| CVE-2021-43630 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-08-04 | 8.8 High |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server. | ||||
| CVE-2021-43629 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-08-04 | 9.8 Critical |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. | ||||
| CVE-2021-43628 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-08-04 | 9.8 Critical |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php. | ||||
| CVE-2021-43156 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-08-04 | 6.5 Medium |
| In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book. | ||||
| CVE-2021-43157 | 1 Projectworlds | 1 Online Shopping System In Php | 2024-08-04 | 9.8 Critical |
| Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php. | ||||
| CVE-2021-43155 | 1 Projectworlds | 1 Online Book Store Project In Php | 2024-08-04 | 9.8 Critical |
| Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php. | ||||
| CVE-2021-43158 | 1 Projectworlds | 1 Online Shopping System In Php | 2024-08-04 | 4.3 Medium |
| In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart. | ||||
| CVE-2022-42066 | 1 Projectworlds | 1 Online Examination System | 2024-08-03 | 6.1 Medium |
| Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php. | ||||
| CVE-2023-48716 | 1 Projectworlds | 1 Student Result Management System | 2024-08-02 | 9.8 Critical |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||
| CVE-2023-48689 | 1 Projectworlds | 1 Railway Reservation System | 2024-08-02 | 9.8 Critical |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | ||||