Filtered by vendor Projectworlds Subscriptions
Total 104 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-45120 1 Projectworlds 1 Online Examination System 2024-11-21 9.8 Critical
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-45119 1 Projectworlds 1 Online Examination System 2024-11-21 9.8 Critical
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-45118 1 Projectworlds 1 Online Examination System 2024-11-21 9.8 Critical
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-45117 1 Projectworlds 1 Online Examination System 2024-11-21 9.8 Critical
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-45116 1 Projectworlds 1 Online Examination System 2024-11-21 9.8 Critical
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-45115 1 Projectworlds 1 Online Examination System 2024-11-21 9.8 Critical
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44484 1 Projectworlds 1 Online Blood Donation Management System 2024-11-21 6.1 Medium
Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
CVE-2023-44482 1 Projectworlds 1 Leave Management System 2024-11-21 8.8 High
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44481 1 Projectworlds 1 Leave Management System 2024-11-21 8.8 High
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44480 1 Projectworlds 1 Leave Management System 2024-11-21 8.8 High
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44267 1 Projectworlds 1 Online Art Gallery 2024-11-21 9.8 Critical
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44174 1 Projectworlds 1 Online Movie Ticket Booking System 2024-11-21 6.4 Medium
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability.
CVE-2023-44173 1 Projectworlds 1 Online Movie Ticket Booking System 2024-11-21 5.4 Medium
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability.
CVE-2023-44166 1 Projectworlds 1 Online Movie Ticket Booking System 2024-11-21 9.8 Critical
The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44164 1 Projectworlds 1 Online Movie Ticket Booking System 2024-11-21 9.8 Critical
The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-44163 1 Projectworlds 1 Online Movie Ticket Booking System 2024-11-21 9.8 Critical
The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database.
CVE-2023-43740 1 Projectworlds 1 Online Book Store Project 2024-11-21 8.8 High
Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
CVE-2023-43144 1 Projectworlds 1 Asset Management System Project In Php 2024-11-21 9.8 Critical
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.
CVE-2023-43014 1 Projectworlds 1 Asset Management System 2024-11-21 8.8 High
Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents.
CVE-2023-43013 1 Projectworlds 1 Asset Management System 2024-11-21 9.8 Critical
Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.