Filtered by vendor Projectworlds
Subscriptions
Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-43740 | 1 Projectworlds | 1 Online Book Store Project | 2024-08-02 | 8.8 High |
| Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | ||||
| CVE-2023-43144 | 1 Projectworlds | 1 Asset Management System Project In Php | 2024-08-02 | 9.8 Critical |
| Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. | ||||
| CVE-2023-43013 | 1 Projectworlds | 1 Asset Management System | 2024-08-02 | 9.8 Critical |
| Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | ||||
| CVE-2023-43014 | 1 Projectworlds | 1 Asset Management System | 2024-08-02 | 8.8 High |
| Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. | ||||
| CVE-2023-5185 | 1 Projectworlds | 1 Gym Management System Project | 2024-08-02 | 9.1 Critical |
| Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | ||||
| CVE-2023-5053 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-08-02 | 9.8 Critical |
| Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | ||||
| CVE-2023-5004 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-08-02 | 9.8 Critical |
| Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI. | ||||
| CVE-2024-36598 | 1 Projectworlds | 1 Life Insurance Management System | 2024-08-02 | 8.1 High |
| An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. | ||||
| CVE-2024-22922 | 1 Projectworlds | 1 Visitor Management System In Php | 2024-08-01 | 9.8 Critical |
| An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php | ||||
| CVE-2024-0730 | 1 Projectworlds | 1 Online Time Table Generator | 2024-08-01 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability. | ||||
| CVE-2024-0262 | 1 Projectworlds | 1 Online Job Portal | 2024-08-01 | 2.4 Low |
| A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input </title><scRipt>alert(0x00C57D)</scRipt> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249818 is the identifier assigned to this vulnerability. | ||||