A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 14 Aug 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 14 Aug 2025 17:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:projectworlds:visitor_management_system:1.0:*:*:*:*:*:*:*

Thu, 14 Aug 2025 13:00:00 +0000

Type Values Removed Values Added
First Time appeared Projectworlds
Projectworlds visitor Management System
Vendors & Products Projectworlds
Projectworlds visitor Management System

Thu, 14 Aug 2025 07:00:00 +0000

Type Values Removed Values Added
Description A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title projectworlds Visitor Management System query_data.php sql injection
Weaknesses CWE-74
CWE-89
References
Metrics cvssV2_0

{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 7.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 7.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 6.9, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2025-08-14T19:44:59.498Z

Reserved: 2025-08-13T13:51:30.641Z

Link: CVE-2025-8947

cve-icon Vulnrichment

Updated: 2025-08-14T19:44:26.968Z

cve-icon NVD

Status : Analyzed

Published: 2025-08-14T07:15:27.157

Modified: 2025-08-14T17:41:26.367

Link: CVE-2025-8947

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2025-08-14T12:50:34Z