Projectworlds Visitor Management System
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Projectworlds Visitor Management System.
By the Year
In 2026 there have been 0 vulnerabilities in Projectworlds Visitor Management System. Last year, in 2025 Visitor Management System had 4 security vulnerabilities published. Right now, Visitor Management System is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 4 | 7.95 |
| 2024 | 3 | 7.95 |
It may take a day or so for new Visitor Management System vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Projectworlds Visitor Management System Security Vulnerabilities
Remote XSS in PW Visitor Management 1.0 (Add Visitor Page) via Name
CVE-2025-11067
2.4 - Low
- September 27, 2025
A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
XSS
Projectworlds VMS 1.0 SQLi via visitor_out.php rid
CVE-2025-9047
9.8 - Critical
- August 15, 2025
A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi in projectworlds VMS 1.0 via /front.php rid param
CVE-2025-8948
9.8 - Critical
- August 14, 2025
A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
ProjectWorlds VisitorMgmt 1.0 Remote SQLi via query_data.php
CVE-2025-8947
9.8 - Critical
- August 14, 2025
A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
SQL Injection
SQLi in Projectworlds VMS 1.0 via name param - privilege escalation
CVE-2024-22983
- February 28, 2024
SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.
Projectworlds VMS 1.0 PHP Privilege Escalation via POST/index.php
CVE-2024-22922
9.8 - Critical
- January 25, 2024
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php
Improper Privilege Management
Project Worlds VMS 1.0 URL Handler XSS in dataset.php
CVE-2024-0650
6.1 - Medium
- January 18, 2024
A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input "><script>alert('torada')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251376.
XSS
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Projectworlds Visitor Management System or by Projectworlds? Click the Watch button to subscribe.
