Filtered by vendor Projectworlds
Subscribe
Total
90 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-44481 | 1 Projectworlds | 1 Leave Management System | 2024-02-28 | N/A | 8.8 HIGH |
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-46785 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-02-28 | N/A | 9.8 CRITICAL |
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-48689 | 1 Projectworlds | 1 Railway Reservation System | 2024-02-28 | N/A | 9.8 CRITICAL |
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-46679 | 1 Projectworlds | 1 Online Job Portal | 2024-02-28 | N/A | 9.8 CRITICAL |
Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-48433 | 1 Projectworlds | 1 Online Voting System Project | 2024-02-28 | N/A | 9.8 CRITICAL |
Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-46800 | 1 Projectworlds | 1 Online Matrimonial Project | 2024-02-28 | N/A | 9.8 CRITICAL |
Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-46677 | 1 Projectworlds | 1 Online Job Portal | 2024-02-28 | N/A | 9.8 CRITICAL |
Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-45117 | 1 Projectworlds | 1 Online Examination System | 2024-02-28 | N/A | 8.8 HIGH |
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-43144 | 1 Projectworlds | 1 Asset Management System Project In Php | 2024-02-28 | N/A | 9.8 CRITICAL |
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php. | |||||
CVE-2023-43014 | 1 Projectworlds | 1 Asset Management System | 2024-02-28 | N/A | 8.8 HIGH |
Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents. | |||||
CVE-2023-45341 | 1 Projectworlds | 1 Online Food Ordering System | 2024-02-28 | N/A | 9.8 CRITICAL |
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-45202 | 1 Projectworlds | 1 Online Examination System | 2024-02-28 | N/A | 6.1 MEDIUM |
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL. | |||||
CVE-2023-44484 | 1 Projectworlds | 1 Online Blood Donation Management System | 2024-02-28 | N/A | 6.1 MEDIUM |
Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response. | |||||
CVE-2023-45325 | 1 Projectworlds | 1 Online Food Ordering System | 2024-02-28 | N/A | 9.8 CRITICAL |
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-45343 | 1 Projectworlds | 1 Online Food Ordering System | 2024-02-28 | N/A | 9.8 CRITICAL |
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-45342 | 1 Projectworlds | 1 Online Food Ordering System | 2024-02-28 | N/A | 9.8 CRITICAL |
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-44480 | 1 Projectworlds | 1 Leave Management System | 2024-02-28 | N/A | 8.8 HIGH |
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-43740 | 1 Projectworlds | 1 Online Book Store Project | 2024-02-28 | N/A | 8.8 HIGH |
Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application. | |||||
CVE-2023-44164 | 1 Projectworlds | 1 Online Movie Ticket Booking System | 2024-02-28 | N/A | 9.8 CRITICAL |
The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
CVE-2023-45334 | 1 Projectworlds | 1 Online Food Ordering System | 2024-02-28 | N/A | 9.8 CRITICAL |
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database. |