Filtered by vendor Projectworlds
Subscribe
Total
135 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-44482 | 1 Projectworlds | 1 Leave Management System | 2024-11-21 | N/A | 8.8 HIGH |
| Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44481 | 1 Projectworlds | 1 Leave Management System | 2024-11-21 | N/A | 8.8 HIGH |
| Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44480 | 1 Projectworlds | 1 Leave Management System | 2024-11-21 | N/A | 8.8 HIGH |
| Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44267 | 1 Projectworlds | 1 Online Art Gallery | 2024-11-21 | N/A | 9.8 CRITICAL |
| Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44174 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 6.4 MEDIUM |
| Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability. | |||||
| CVE-2023-44173 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 5.4 MEDIUM |
| Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability. | |||||
| CVE-2023-44166 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
| The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44164 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
| The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44163 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | N/A | 9.8 CRITICAL |
| The 'search' parameter of the process_search.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-43740 | 1 Projectworlds | 1 Online Book Store Project | 2024-11-21 | N/A | 8.8 HIGH |
| Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | |||||
| CVE-2023-43144 | 1 Projectworlds | 1 Asset Management System Project In Php | 2024-11-21 | N/A | 9.8 CRITICAL |
| Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. | |||||
| CVE-2023-43014 | 1 Projectworlds | 1 Asset Management System | 2024-11-21 | N/A | 8.8 HIGH |
| Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. | |||||
| CVE-2023-43013 | 1 Projectworlds | 1 Asset Management System | 2024-11-21 | N/A | 9.8 CRITICAL |
| Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control. | |||||
| CVE-2021-46307 | 1 Projectworlds | 1 Online Examination System | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php. | |||||
| CVE-2021-46024 | 1 Projectworlds | 1 Online-shopping-webvsite-in-php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required. | |||||
| CVE-2021-45852 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php. | |||||
| CVE-2021-44866 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database. | |||||
| CVE-2021-43631 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php. | |||||
| CVE-2021-43630 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server. | |||||
| CVE-2021-43629 | 1 Projectworlds | 1 Hospital Management System In Php | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php. | |||||