Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
projectworlds vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-45120
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'qid' parameter of the /update.php?q=quiz&step=2 resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Examination System 1.0
8.8
CVSSv3
CVE-2023-45121
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'desc' parameter of the /update.php?q=addquiz resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Examination System 1.0
6.1
CVSSv3
CVE-2023-45201
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an malicious user to redirect a victim user to an arbitrary web site using a crafted URL.
Projectworlds Online Examination System 1.0
6.1
CVSSv3
CVE-2023-45202
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an malicious user to redirect a victim user to an arbitrary web site using a crafted URL.
Projectworlds Online Examination System 1.0
6.1
CVSSv3
CVE-2023-45203
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an malicious user to redirect a victim user to an arbitrary web site using a crafted URL.
Projectworlds Online Examination System 1.0
8.8
CVSSv3
CVE-2023-45117
Online Examination System v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'eid' parameter of the /update.php?q=rmquiz resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Examination System 1.0
9.8
CVSSv3
CVE-2020-24199
Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows malicious users to conduct remote code execution.
Projectworlds Car Rental Project 1.0
9.8
CVSSv3
CVE-2020-24203
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated malicious users to gain remote code execution.
Projectworlds Travel Management System 1.0
9.8
CVSSv3
CVE-2023-44267
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Online Art Gallery 1.0
9.8
CVSSv3
CVE-2023-48685
Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database.
Projectworlds Railway Reservation System 1.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »