Projectworlds: Security Vulnerabilities
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'name' parameter of the routers/add-item.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-11-02
Online Food Ordering System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'address' parameter of the routers/add-users.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-11-02
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the login.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-11-01
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the feed.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-11-01
Online Examination System v1.0 is vulnerable to multiple Open Redirect vulnerabilities. The 'q' parameter of the admin.php resource allows an attacker to redirect a victim user to an arbitrary web site using a crafted URL.
CVSS Score
6.1
EPSS Score
0.002
Published
2023-11-01
Online Blood Donation Management System v1.0 is vulnerable to a Stored Cross-Site Scripting vulnerability. The 'firstName' parameter of the users/register.php resource is copied into the users/member.php document as plain text between tags. Any input is echoed unmodified in the users/member.php response.
CVSS Score
6.1
EPSS Score
0.001
Published
2023-10-31
Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setcasualleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-10-27
Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'lnm' parameter of the header.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-10-26
Asset Management System v1.0 is vulnerable to
an Authenticated SQL Injection vulnerability
on the 'first_name' and 'last_name' parameters
of user.php page, allowing an authenticated
attacker to dump all the contents of the database
contents.
CVSS Score
8.8
EPSS Score
0.001
Published
2023-09-28
The 'search' parameter of the process_search.php resource
does not validate the characters received and they
are sent unfiltered to the database.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-28