Projectworlds


Products by Projectworlds Sorted by Most Security Vulnerabilities since 2018

By the Year

In 2026 there have been 10 vulnerabilities in Projectworlds, with an average score of 6.6 out of ten. Last year, in 2025, Projectworlds had 94 security vulnerabilities published. Right now, Projectworlds is on track to have fewer security vulnerabilities in 2026 than it did last year. Last year, the average CVE base score was greater by 1.83.




Year Vulnerabilities Average Score
2026 10 6.63
2025 94 8.46
2024 24 8.43
2023 102 9.02
2022 5 7.70
2021 17 8.30
2020 5 9.80

It may take a day or so for new Projectworlds vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Projectworlds Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-3759 Mar 08, 2026
A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of the file /admin/adminHome.php. Such manipulation of the argument reach_nm leads to sql injection. The attack can be executed remotely. The exploit has been disclosed publicly and may be used.
Online Art Gallery Shop
CVE-2026-3758 Mar 08, 2026
A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown functionality of the file /admin/adminHome.php. This manipulation of the argument Info causes sql injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be used for attacks.
Online Art Gallery Shop
CVE-2026-3757 Mar 08, 2026
A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /?pass=1. The manipulation of the argument fnm results in sql injection. The attack may be launched remotely. The exploit has been released to the public and may be used for attacks.
Online Art Gallery Shop
CVE-2026-3406 Mar 02, 2026
A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in sql injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Online Art Gallery
CVE-2025-70146 Feb 18, 2026
AuthN Bypass in /admin/ Scripts of ProjectWorlds Online Time Table Generator 1.0
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g., adding records, deleting records) via direct HTTP requests to affected endpoints without a valid session.
Online Time Table Generator
CVE-2025-70147 Feb 18, 2026
Missing Auth in PWorlds OTG 1.0 /admin
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session.
Online Time Table Generator
CVE-2026-2136 Feb 08, 2026
ProjectWorlds OOS 1.0 SQLi via /view-ticket.php ID
A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
Online Food Ordering System
CVE-2026-1700 Jan 30, 2026
A weakness has been identified in projectworlds House Rental and Property Listing 1.0. This vulnerability affects unknown code of the file /app/sms.php. This manipulation of the argument Message causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
CVE-2026-0643 Jan 06, 2026
A flaw has been found in projectworlds House Rental and Property Listing 1.0. Impacted is an unknown function of the file /app/register.php?action=reg of the component Signup. This manipulation of the argument image causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be used.
CVE-2026-0642 Jan 06, 2026
A vulnerability was detected in projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /app/complaint.php. The manipulation of the argument Name results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used.
CVE-2025-14571 Dec 12, 2025
SQLi in Advanced Library Mgmt Sys 1.0 (/borrow_book.php)
A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrow_book.php. Such manipulation of the argument roll_number leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Advanced Library Management System
CVE-2025-14570 Dec 12, 2025
SQLi in projectworlds ALMS 1.0 /view_admin.php admin_id
A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_admin.php. This manipulation of the argument admin_id causes sql injection. The attack may be initiated remotely. The exploit has been published and may be used.
Advanced Library Management System
CVE-2025-14527 Dec 11, 2025
ProjectWorlds ALS 1.0: Remote SQLi via /view_book.php ARG book_id (VULN)
A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view_book.php. Executing a manipulation of the argument book_id can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
Advanced Library Management System
CVE-2025-14212 Dec 08, 2025
ProjWorlds ALS 1.0 SQLi via /member_search.php (roll_number)
A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /member_search.php. Executing a manipulation of the argument roll_number can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
Advanced Library Management System
CVE-2025-14211 Dec 08, 2025
SQL Injection in ProjectWorlds ALMS 1.0 /delete_book.php
A vulnerability was detected in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /delete_book.php. Performing a manipulation of the argument book_id results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used.
Advanced Library Management System
CVE-2025-14210 Dec 08, 2025
SQL Injection in /delete_member.php of ProjectWorlds ALMS 1.0
A security vulnerability has been detected in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /delete_member.php. Such manipulation of the argument user_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed publicly and may be used.
Advanced Library Management System
CVE-2025-13573 Nov 23, 2025
Unrestricted Upload in ProjectWorlds 1.0 via add_book.php
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
CVE-2025-13572 Nov 23, 2025
SQLi in projectworlds Advanced Library Mgmt Sys 1.0 via delete_admin.php
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipulation of the argument admin_id leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
Advanced Library Management System
CVE-2025-13278 Nov 17, 2025
SQLi in Project Worlds ALMS 1.0 /borrowed_book_search.php
A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrowed_book_search.php. Such manipulation of the argument datefrom/dateto leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Advanced Library Management System
CVE-2025-13256 Nov 17, 2025
SQL Injection in Advanced Library Management System 1.0 /borrow.php
A weakness has been identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrow.php. Executing a manipulation of the argument roll_number can lead to sql injection. It is possible to launch the attack remotely. The exploit has been made available to the public and could be used for attacks.
Advanced Library Management System
CVE-2025-13255 Nov 17, 2025
SQLi via book_search.php in Projectworlds Advanced Library Management System 1.0
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. This issue affects some unknown processing of the file /book_search.php. Performing a manipulation of the argument book_pub/book_title results in sql injection. It is possible to initiate the attack remotely. The exploit has been released to the public and may be used for attacks.
Advanced Library Management System
CVE-2025-13254 Nov 17, 2025
SQLi in ProjectWorlds ALS 1.0 via /add_member.php roll_number
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /add_member.php. Such manipulation of the argument roll_number leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
Advanced Library Management System
CVE-2025-13253 Nov 16, 2025
SQLi in ProjectWorlds Advanced Library Management 1.0 /add_librarian.php
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /add_librarian.php. This manipulation of the argument Username causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and may be utilized.
Advanced Library Management System
CVE-2025-12938 Nov 10, 2025
SQLi in projectworlds Online Admission System 1.0 /process_login.php
A vulnerability was identified in projectworlds Online Admission System 1.0. Affected by this vulnerability is an unknown functionality of the file /process_login.php. The manipulation of the argument keywords leads to sql injection. The attack can be initiated remotely. The exploit is publicly available and might be used.
Online Admission System
CVE-2025-12862 Nov 07, 2025
Unrestricted Upload via image in /dashboard/userprofile.php of projectworlds Notes Platform 1.0
A vulnerability was identified in projectworlds Online Notes Sharing Platform 1.0. Affected by this issue is some unknown functionality of the file /dashboard/userprofile.php. Such manipulation of the argument image leads to unrestricted upload. The attack may be performed from remote. The exploit is publicly available and might be used.
Online Notes Sharing Platform
CVE-2025-12237 Oct 27, 2025
SQLi via /index.php in ProjectWorlds Advanced Library Management System 1.0
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Such manipulation of the argument keywords leads to sql injection. The attack can be executed remotely. The exploit is publicly available and might be used.
Advanced Library Management System
CVE-2025-12231 Oct 27, 2025
XSS Vulnerability in Projectworlds E.M.S. 1.0 Expense Categories Page
A security vulnerability has been detected in projectworlds Expense Management System 1.0. Affected is an unknown function of the file /public/admin/expense_categories/create of the component Expense Categories Page. Such manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed publicly and may be used.
Expense Management System
CVE-2025-12230 Oct 27, 2025
XSS in ProjectWorlds Expense Management System 1.0 Currency Page (create)
A weakness has been identified in projectworlds Expense Management System 1.0. This impacts an unknown function of the file /public/admin/currencies/create of the component Currency Page. This manipulation causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be used for attacks.
Expense Management System
CVE-2025-12229 Oct 27, 2025
XSS in /public/admin/roles/create of Expense Mgmt Sys 1.0
A security flaw has been discovered in projectworlds Expense Management System 1.0. This affects an unknown function of the file /public/admin/roles/create of the component Roles Page. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit has been released to the public and may be used for attacks.
Expense Management System
CVE-2025-12228 Oct 27, 2025
Expense Mgmt Sys 1.0 XSS via /admin/users/create (Remote)
A vulnerability was identified in projectworlds Expense Management System 1.0. The impacted element is an unknown function of the file /public/admin/users/create of the component Users Page. The manipulation leads to cross site scripting. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
Expense Management System
CVE-2025-12227 Oct 27, 2025
ProjectWorlds Gate Pass 1.0 XSS via /add-pass.php (remote)
A vulnerability was determined in projectworlds Gate Pass Management System 1.0. The affected element is an unknown function of the file /add-pass.php. Executing a manipulation can lead to cross site scripting. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized.
Gate Pass Management System
CVE-2025-12215 Oct 27, 2025
SQLi in projectworlds Online Shopping Sys 1.0 via /login_submit.php
A flaw has been found in projectworlds Online Shopping System 1.0. Impacted is an unknown function of the file /login_submit.php. Executing a manipulation of the argument keywords can lead to sql injection. The attack may be launched remotely. The exploit has been published and may be used.
Online Shopping System
CVE-2025-11604 Oct 11, 2025
Remote SQLi via Status param in ProjectWorlds Online Ordering 1.0
A vulnerability was determined in projectworlds Online Ordering Food System 1.0. This issue affects some unknown processing of the file /all-orders.php. This manipulation of the argument Status causes sql injection. Remote exploitation of the attack is possible. The exploit has been publicly disclosed and may be utilized.
CVE-2025-11557 Oct 09, 2025
SQLi in projectworlds Gate Pass System 1.0 via /add-pass.php fullname
A vulnerability has been found in projectworlds Gate Pass Management System 1.0. This issue affects some unknown processing of the file /add-pass.php. Such manipulation of the argument fullname leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
Gate Pass Management System
CVE-2025-11475 Oct 08, 2025
ProjectWorlds ALM 1.0 SQLi via /view_member.php (user_id)
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. Executing a manipulation of the argument user_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Advanced Library Management System
CVE-2025-11426 Oct 08, 2025
Unrestricted File Upload in ProjectWorlds AIMS 1.0 /edit_book.php
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_book.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
Advanced Library Management System
CVE-2025-11425 Oct 08, 2025
Advanced Library Mgmt Sys 1.0 XSS via edit_admin.php Firstname Param
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /edit_admin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used. Other parameters might be affected as well.
Advanced Library Management System
CVE-2025-11103 Sep 28, 2025
Unrestricted File Upload in Projectworlds OT&T 1.0 via /admin/change-image.php
A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used.
CVE-2025-11070 Sep 27, 2025
Remote SQLi via ID in /store/cart_add.php - Projectworlds 1.0
A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cart_add.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.
CVE-2025-11067 Sep 27, 2025
Remote XSS in PW Visitor Management 1.0 (Add Visitor Page) via Name
A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Visitor Management System
CVE-2025-9053 Aug 15, 2025
ProjectWorlds TravelMgmt 1.0: Remote SQLi via updatesubcategory.php
A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /updatesubcategory.php. The manipulation of the argument t1/s1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Travel Management System
CVE-2025-9052 Aug 15, 2025
SQLi via s1 in ProjectWorlds TMS 1.0 /updatepackage.php (Remote)
A vulnerability was identified in projectworlds Travel Management System 1.0. This affects an unknown part of the file /updatepackage.php. The manipulation of the argument s1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Travel Management System
CVE-2025-9051 Aug 15, 2025
SQLi in ProjectWorlds TravelManage 1.0 /updatecategory.php (t1)
A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of the argument t1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Travel Management System
CVE-2025-9050 Aug 15, 2025
SQLi in projectworlds Travel Management System 1.0 /addcategory.php (t1)
A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation of the argument t1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Travel Management System
CVE-2025-9047 Aug 15, 2025
Projectworlds VMS 1.0 SQLi via visitor_out.php rid
A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Visitor Management System
CVE-2025-8948 Aug 14, 2025
SQLi in projectworlds VMS 1.0 via /front.php rid param
A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Visitor Management System
CVE-2025-8947 Aug 14, 2025
ProjectWorlds VisitorMgmt 1.0 Remote SQLi via query_data.php
A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Visitor Management System
CVE-2025-8946 Aug 14, 2025
Online Notes Sharing Platform 1.0: /login.php SQLi via User parameter
A vulnerability has been found in projectworlds Online Notes Sharing Platform 1.0. This vulnerability affects unknown code of the file /login.php. The manipulation of the argument User leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Online Notes Sharing Platform
CVE-2025-8496 Aug 03, 2025
ProjectWorlds Online Admission System 1.0 Remote SQLi via /viewform.php ID
A vulnerability has been found in projectworlds Online Admission System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /viewform.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
Online Admission System
CVE-2025-8471 Aug 02, 2025
Project Worlds Online Admission System 1.0 - Remote SQLi via adminlogin.php a_id
A vulnerability, which was classified as critical, has been found in projectworlds Online Admission System 1.0. This issue affects some unknown processing of the file /adminlogin.php. The manipulation of the argument a_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Online Admission System
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).