Filtered by vendor Projectworlds
Subscribe
Total
31 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-19107 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-19114 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-19112 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-19110 | 1 Projectworlds | 1 Online Book Store Project In Php | 2021-05-07 | 7.5 HIGH | 9.8 CRITICAL |
| SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-27397 | 1 Projectworlds | 1 Online Matrimonial Project | 2020-12-23 | 6.5 MEDIUM | 8.8 HIGH |
| Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file. | |||||
| CVE-2020-25761 | 1 Projectworlds | 1 Visitor Management System In Php | 2020-10-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc. | |||||
| CVE-2020-23833 | 1 Projectworlds | 1 House Rental | 2020-09-18 | 7.5 HIGH | 9.8 CRITICAL |
| Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request. | |||||
| CVE-2020-24199 | 1 Projectworlds | 1 Car Rental Project | 2020-09-09 | 7.5 HIGH | 9.8 CRITICAL |
| Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution. | |||||
| CVE-2020-24202 | 1 Projectworlds | 1 House Rental And Property Listing Project | 2020-08-31 | 7.5 HIGH | 9.8 CRITICAL |
| File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution. | |||||
| CVE-2020-11545 | 1 Projectworlds | 1 Official Car Rental System | 2020-04-06 | 7.5 HIGH | 9.8 CRITICAL |
| Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt. | |||||
| CVE-2020-11544 | 1 Projectworlds | 1 Official Car Rental System | 2020-04-06 | 6.5 MEDIUM | 7.2 HIGH |
| An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files. | |||||