Projectworlds


Products by Projectworlds Sorted by Most Security Vulnerabilities since 2018

By the Year

In 2025 there have been 0 vulnerabilities in Projectworlds. Last year, in 2024, Projectworlds had 18 security vulnerabilities published. Right now, Projectworlds is on track to have fewer security vulnerabilities in 2025 than it did last year.




Year Vulnerabilities Average Score
2025 0 0.00
2024 18 8.73
2023 102 9.02
2022 5 7.70
2021 17 9.01
2020 5 8.34
2019 0 0.00
2018 0 0.00

It may take a day or so for new Projectworlds vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Projectworlds Security Vulnerabilities

SQL Injection in Project Worlds Shopping System

CVE-2024-11059 9.8 - Critical - November 11, 2024

A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. It has been rated as critical. This issue affects some unknown processing of the file /online-shopping-webvsite-in-php-master/success.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

ProjectWorld TMS v1.0 SQLi Auth Bypass

CVE-2024-51327 9.8 - Critical - November 04, 2024

SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.

SQL Injection

SQL Injection in Travel Management System v1.0

CVE-2024-51326 7.5 - High - November 04, 2024

SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.

SQL Injection

SQL Injection Vulnerability in Project Worlds Life Insurance Management System v1.0 editNominee.php

CVE-2024-10735 9.8 - Critical - November 03, 2024

A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

SQL Injection Vulnerability in Project Worlds Life Insurance Management System v1.0 editPayment.php

CVE-2024-10734 9.8 - Critical - November 03, 2024

A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument recipt_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0

CVE-2024-10447 8.8 - High - October 28, 2024

A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely.

SQL Injection

A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0

CVE-2024-10446 7.2 - High - October 28, 2024

A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic

CVE-2024-10433 6.1 - Medium - October 28, 2024

A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions different parameters to be affected which do not correlate with the screenshots of a successful attack.

XSS

A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical

CVE-2024-10432 9.8 - Critical - October 28, 2024

A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical

CVE-2024-10425 9.8 - Critical - October 27, 2024

A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /student/project_selection/move_up_project.php of the component Project Selection Page. The manipulation of the argument up leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical

CVE-2024-10424 9.8 - Critical - October 27, 2024

A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/project_selection/remove_project.php of the component Project Selection Page. The manipulation of the argument no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0

CVE-2024-10423 9.8 - Critical - October 27, 2024

A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/project_selection/project_selection.php of the component Project Selection Page. The manipulation of the argument project_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

SQL Injection

Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection

CVE-2024-42843 9.8 - Critical - August 15, 2024

Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php.

SQL Injection

Aegon Life v1.0 was discovered to contain a SQL injection vulnerability

CVE-2024-36597 8.8 - High - June 14, 2024

Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php.

SQL Injection

An issue in Projectworlds Visitor Management System in PHP v.1.0

CVE-2024-22922 9.8 - Critical - January 25, 2024

An issue in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via a crafted script to the login page in the POST/index.php.

Improper Privilege Management

A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0

CVE-2024-0730 9.8 - Critical - January 19, 2024

A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability.

SQL Injection

A vulnerability was found in Project Worlds Student Project Allocation System 1.0

CVE-2024-0726 6.1 - Medium - January 19, 2024

A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability.

XSS

A vulnerability was found in Online Job Portal 1.0 and classified as problematic

CVE-2024-0262 4.8 - Medium - January 07, 2024

A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input </title><scRipt>alert(0x00C57D)</scRipt> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249818 is the identifier assigned to this vulnerability.

XSS

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-48717 - December 21, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-48716 9.8 - Critical - December 21, 2023

Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-48690 - December 21, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-48689 9.8 - Critical - December 21, 2023

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-48688 - December 21, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-48687 9.8 - Critical - December 21, 2023

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-48686 - December 21, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-48685 9.8 - Critical - December 21, 2023

Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46791 - December 21, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: It is a duplicate.

CVE-2023-45127 - December 21, 2023

Rejected reason: It is a duplicate.

Rejected reason: It is a duplicate.

CVE-2023-45126 - December 21, 2023

Rejected reason: It is a duplicate.

Rejected reason: It is a duplicate.

CVE-2023-45125 - December 21, 2023

Rejected reason: It is a duplicate.

Rejected reason: It is a duplicate.

CVE-2023-45124 - December 21, 2023

Rejected reason: It is a duplicate.

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities

CVE-2023-44482 8.8 - High - December 21, 2023

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities

CVE-2023-44481 8.8 - High - December 21, 2023

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities

CVE-2023-45121 8.8 - High - December 21, 2023

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities

CVE-2023-45120 8.8 - High - December 21, 2023

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Rejected reason: It is a duplicate.

CVE-2023-45123 - December 21, 2023

Rejected reason: It is a duplicate.

Rejected reason: It is a duplicate.

CVE-2023-45122 - December 21, 2023

Rejected reason: It is a duplicate.

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities

CVE-2023-45119 8.8 - High - December 21, 2023

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'n' parameter of the /update.php?q=quiz resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities

CVE-2023-45118 8.8 - High - December 21, 2023

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'fdid' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities

CVE-2023-45117 8.8 - High - December 21, 2023

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities

CVE-2023-45116 8.8 - High - December 21, 2023

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'demail' parameter of the /update.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities

CVE-2023-45115 8.8 - High - December 21, 2023

Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'ch' parameter of the /update.php?q=addqns resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-48434 9.8 - Critical - December 20, 2023

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the reg_action.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-48433 9.8 - Critical - December 20, 2023

Online Voting System Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the login_action.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-46800 - November 07, 2023

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the view_profile.php resource does not validate the characters received and they are sent unfiltered to the database.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46799 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46798 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46797 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46796 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46795 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46794 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-46793 - November 07, 2023

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'day' parameter in the 'register()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46792 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46790 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-46789 - November 07, 2023

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'filename' attribute of the 'pic1' multipart parameter of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-46788 - November 07, 2023

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter in the 'uploadphoto()' function of the functions.php resource does not validate the characters received and they are sent unfiltered to the database.

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-46787 - November 07, 2023

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'username' parameter of the auth/auth.php resource does not validate the characters received and they are sent unfiltered to the database.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46786 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-46785 9.8 - Critical - November 07, 2023

Online Matrimonial Project v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the partner_preference.php resource does not validate the characters received and they are sent unfiltered to the database.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46680 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-46679 - November 07, 2023

Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname_email' parameter of the index.php resource does not validate the characters received and they are sent unfiltered to the database.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46678 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-46677 - November 07, 2023

Online Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'txt_uname' parameter of the sign-up.php resource does not validate the characters received and they are sent unfiltered to the database.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-46676 - November 07, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45347 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_verified' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45346 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_role' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45345 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_deleted' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45338 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'id' parameter of the routers/add-ticket.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45344 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_balance' parameter of the routers/user-router.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45335 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45334 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'status' parameter of the routers/edit-orders.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45333 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45332 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45331 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45330 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45329 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45327 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45326 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45325 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45324 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45323 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45343 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'ticket_id' parameter of the routers/ticket-message.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45342 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/register-router.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45341 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The '*_price' parameter of the routers/menu-router.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45340 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'phone' parameter of the routers/details-router.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45339 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45337 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities

CVE-2023-45336 9.8 - Critical - November 02, 2023

Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the routers/router.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-45328 - November 02, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities

CVE-2023-45203 6.1 - Medium - November 01, 2023

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.

Open Redirect

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities

CVE-2023-45202 6.1 - Medium - November 01, 2023

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.

Open Redirect

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities

CVE-2023-45201 6.1 - Medium - November 01, 2023

Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.

Open Redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-5306 - October 31, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-44486 - October 31, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-44485 - October 31, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability

CVE-2023-44484 6.1 - Medium - October 31, 2023

Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.

XSS

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities

CVE-2023-44480 8.8 - High - October 27, 2023

Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.

SQL Injection

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-44377 - October 27, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-44376 - October 27, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2023-44375 - October 27, 2023

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).