Projectworlds
Products by Projectworlds Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2025 there have been 36 vulnerabilities in Projectworlds products, with an average score of 9.8 out of ten. Last year, in 2024, Projectworlds had 22 security vulnerabilities published. That is, 14 more vulnerabilities have already been reported in 2025 than last year. The average CVE base score of the vulnerabilities in 2025 is also greater, by 1.07.
Year | Vulnerabilities | Average Score |
---|---|---|
2025 | 36 | 9.80 |
2024 | 22 | 8.73 |
2023 | 102 | 9.02 |
2022 | 5 | 7.70 |
2021 | 17 | 9.01 |
2020 | 5 | 8.34 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Projectworlds vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Projectworlds Security Vulnerabilities
A vulnerability was found in Projectworlds Life Insurance Management System 1.0
CVE-2025-6136
9.8 - Critical
- June 16, 2025
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in Projectworlds Life Insurance Management System 1.0
CVE-2025-6134
9.8 - Critical
- June 16, 2025
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /insertClient.php. The manipulation of the argument client_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection
A vulnerability was found in Projectworlds Life Insurance Management System 1.0
CVE-2025-6135
9.8 - Critical
- June 16, 2025
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /insertNominee.php. The manipulation of the argument client_id/nominee_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical
CVE-2025-6133
9.8 - Critical
- June 16, 2025
A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in projectworlds Online Food Ordering System 1.0
CVE-2025-4936
9.8 - Critical
- May 19, 2025
A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0
CVE-2025-4932
9.8 - Critical
- May 19, 2025
A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown functionality of the file /lawyer_registation.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0
CVE-2025-4837
9.8 - Critical
- May 17, 2025
A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the argument mem1/mem2/mem3 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in Projectworlds Life Insurance Management System 1.0
CVE-2025-4836
9.8 - Critical
- May 17, 2025
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /deleteAgent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical was found in Project Worlds Student Project Allocation System 1.0
CVE-2025-4482
9.8 - Critical
- May 09, 2025
A vulnerability classified as critical was found in Project Worlds Student Project Allocation System 1.0. Affected by this vulnerability is an unknown functionality of the file /change_pass/forgot_password_sql.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection
A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0
CVE-2025-4058
9.8 - Critical
- April 29, 2025
A vulnerability classified as critical has been found in Projectworlds Online Examination System 1.0. This affects an unknown part of the file /Bloodgroop_process.php. The manipulation of the argument Pat_BloodGroup1 leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical was found in projectworlds Online Examination System 1.0
CVE-2025-4034
9.8 - Critical
- April 28, 2025
A vulnerability classified as critical was found in projectworlds Online Examination System 1.0. Affected by this vulnerability is an unknown functionality of the file /inser_doc_process.php. The manipulation of the argument Doc_ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0
CVE-2025-3186
9.8 - Critical
- April 04, 2025
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient/invoice.php. The manipulation of the argument appid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical
CVE-2025-3184
9.8 - Critical
- April 03, 2025
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This issue affects some unknown processing of the file /patient/profile.php?patientId=1. The manipulation of the argument patientFirstName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0
CVE-2025-3185
9.8 - Critical
- April 03, 2025
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been classified as critical. Affected is an unknown function of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection
A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0
CVE-2025-3181
9.8 - Critical
- April 03, 2025
A vulnerability, which was classified as critical, has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this issue is some unknown functionality of the file /patient/appointment.php?scheduleDate=1&appid=1. The manipulation of the argument scheduleDate leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0
CVE-2025-3182
9.8 - Critical
- April 03, 2025
A vulnerability, which was classified as critical, was found in projectworlds Online Doctor Appointment Booking System 1.0. This affects an unknown part of the file /patient/getschedule.php. The manipulation of the argument q leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical
CVE-2025-3183
9.8 - Critical
- April 03, 2025
A vulnerability has been found in projectworlds Online Doctor Appointment Booking System 1.0 and classified as critical. This vulnerability affects unknown code of the file /patient/patientupdateprofile.php. The manipulation of the argument patientFirstName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0
CVE-2025-3178
9.8 - Critical
- April 03, 2025
A vulnerability was found in projectworlds Online Doctor Appointment Booking System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /doctor/deleteappointment.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical has been found in projectworlds Online Doctor Appointment Booking System 1.0
CVE-2025-3179
9.8 - Critical
- April 03, 2025
A vulnerability classified as critical has been found in projectworlds Online Doctor Appointment Booking System 1.0. Affected is an unknown function of the file /doctor/deletepatient.php. The manipulation of the argument ic leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical was found in projectworlds Online Doctor Appointment Booking System 1.0
CVE-2025-3180
9.8 - Critical
- April 03, 2025
A vulnerability classified as critical was found in projectworlds Online Doctor Appointment Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /doctor/deleteschedule.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0
CVE-2025-3173
9.8 - Critical
- April 03, 2025
A vulnerability, which was classified as critical, was found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the file /save_booking.php. The manipulation of the argument lawyer_id/description leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability has been found in Project Worlds Online Lawyer Management System 1.0 and classified as critical
CVE-2025-3174
9.8 - Critical
- April 03, 2025
A vulnerability has been found in Project Worlds Online Lawyer Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0
CVE-2025-3170
9.8 - Critical
- April 03, 2025
A vulnerability classified as critical has been found in Project Worlds Online Lawyer Management System 1.0. This affects an unknown part of the file /admin_user.php. The manipulation of the argument block_id/unblock_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0
CVE-2025-3171
9.8 - Critical
- April 03, 2025
A vulnerability classified as critical was found in Project Worlds Online Lawyer Management System 1.0. This vulnerability affects unknown code of the file /approve_lawyer.php. The manipulation of the argument unblock_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical was found in projectworlds Apartment Visitors Management System 1.0
CVE-2025-2657
9.8 - Critical
- March 23, 2025
A vulnerability classified as critical was found in projectworlds Apartment Visitors Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /front.php. The manipulation of the argument rid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical
CVE-2025-2066
9.8 - Critical
- March 07, 2025
A vulnerability has been found in projectworlds Life Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /updateAgent.php. The manipulation of the argument agent_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical
CVE-2025-2067
9.8 - Critical
- March 07, 2025
A vulnerability was found in projectworlds Life Insurance Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0
CVE-2025-2062
9.8 - Critical
- March 07, 2025
A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The manipulation of the argument client_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0
CVE-2025-2063
9.8 - Critical
- March 07, 2025
A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deleteNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0
CVE-2025-2064
9.8 - Critical
- March 07, 2025
A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file /deletePayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0
CVE-2025-2065
9.8 - Critical
- March 07, 2025
A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. The manipulation of the argument agent_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in projectworlds Online Hotel Booking 1.0
CVE-2025-1964
9.8 - Critical
- March 05, 2025
A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been rated as critical. This issue affects some unknown processing of the file /booknow.php?roomname=Duplex. The manipulation of the argument checkin leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
SQL Injection
A vulnerability classified as critical has been found in projectworlds Online Hotel Booking 1.0
CVE-2025-1965
9.8 - Critical
- March 05, 2025
A vulnerability classified as critical has been found in projectworlds Online Hotel Booking 1.0. Affected is an unknown function of the file /admin/login.php. The manipulation of the argument emailusername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in projectworlds Online Hotel Booking 1.0
CVE-2025-1962
9.8 - Critical
- March 05, 2025
A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been classified as critical. This affects an unknown part of the file /admin/addroom.php. The manipulation of the argument roomname leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in projectworlds Online Hotel Booking 1.0
CVE-2025-1963
9.8 - Critical
- March 05, 2025
A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /reservation.php. The manipulation of the argument checkin leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0
CVE-2024-57328
9.8 - Critical
- January 23, 2025
A SQL Injection vulnerability exists in the login form of Online Food Ordering System v1.0. The vulnerability arises because the input fields username and password are not properly sanitized, allowing attackers to inject malicious SQL queries to bypass authentication and gain unauthorized access.
SQL Injection
SQL Injection in Project Worlds Shopping System
CVE-2024-11059
9.8 - Critical
- November 11, 2024
A vulnerability was found in Project Worlds Free Download Online Shopping System up to 192.168.1.88. It has been rated as critical. This issue affects some unknown processing of the file /online-shopping-webvsite-in-php-master/success.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
XSS in Travel Management System v1.0
CVE-2024-51328
- November 04, 2024
Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows a remote attacker to inject arbitrary code via the t2 parameter.
SQL Injection in Travel Management System v1.0
CVE-2024-51326
7.5 - High
- November 04, 2024
SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.
SQL Injection
ProjectWorld TMS v1.0 SQLi Auth Bypass
CVE-2024-51327
9.8 - Critical
- November 04, 2024
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.
SQL Injection
SQL Injection Vulnerability in Project Worlds Life Insurance Management System v1.0 editNominee.php
CVE-2024-10735
9.8 - Critical
- November 03, 2024
A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /editNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQL Injection Vulnerability in Project Worlds Life Insurance Management System v1.0 editPayment.php
CVE-2024-10734
9.8 - Critical
- November 03, 2024
A vulnerability was found in Project Worlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /editPayment.php. The manipulation of the argument recipt_no leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php
CVE-2024-51060
- October 31, 2024
Projectworlds Online Admission System v1 is vulnerable to SQL Injection in index.php via the 'a_id' parameter.
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0
CVE-2024-10447
8.8 - High
- October 28, 2024
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely.
SQL Injection
A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0
CVE-2024-10446
7.2 - High
- October 28, 2024
A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic
CVE-2024-10433
6.1 - Medium
- October 28, 2024
A vulnerability was found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument Name/Comment leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions different parameters to be affected which do not correlate with the screenshots of a successful attack.
XSS
A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical
CVE-2024-10432
9.8 - Critical
- October 28, 2024
A vulnerability has been found in Project Worlds Simple Web-Based Chat Application 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical
CVE-2024-10425
9.8 - Critical
- October 27, 2024
A vulnerability was found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /student/project_selection/move_up_project.php of the component Project Selection Page. The manipulation of the argument up leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical
CVE-2024-10424
9.8 - Critical
- October 27, 2024
A vulnerability has been found in Project Worlds Student Project Allocation System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/project_selection/remove_project.php of the component Project Selection Page. The manipulation of the argument no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0
CVE-2024-10423
9.8 - Critical
- October 27, 2024
A vulnerability, which was classified as critical, was found in Project Worlds Student Project Allocation System 1.0. Affected is an unknown function of the file /student/project_selection/project_selection.php of the component Project Selection Page. The manipulation of the argument project_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection