Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-29205 | 1 Projectworlds | 1 Travel Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field | |||||
| CVE-2020-24203 | 1 Projectworlds | 1 Travel Management System | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | |||||
| CVE-2024-51327 | 1 Projectworlds | 1 Travel Management System | 2024-11-06 | N/A | 9.8 CRITICAL |
| SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields. | |||||
| CVE-2024-51326 | 1 Projectworlds | 1 Travel Management System | 2024-11-06 | N/A | 7.5 HIGH |
| SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php. | |||||