Shodan
Vulnerabilities
Vulnerable Software
Projectworlds:  Security Vulnerabilities
CVE-2023-44164
The 'Email' parameter of the process_login.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-28
CVE-2023-44166
The 'age' parameter of the process_registration.php resource does not validate the characters received and they are sent unfiltered to the database.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-28
CVE-2023-44174
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability.
CVSS Score
6.4
EPSS Score
0.001
Published
2023-09-28
CVE-2023-43013
Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.
CVSS Score
9.8
EPSS Score
0.0
Published
2023-09-28
CVE-2023-43740
Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
CVSS Score
8.8
EPSS Score
0.021
Published
2023-09-28
CVE-2023-44173
Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability.
CVSS Score
5.4
EPSS Score
0.001
Published
2023-09-28
CVE-2023-5004
Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI.
CVSS Score
9.8
EPSS Score
0.0
Published
2023-09-28
CVE-2023-5053
Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI.
CVSS Score
9.8
EPSS Score
0.0
Published
2023-09-28
CVE-2023-5185
Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.
CVSS Score
9.1
EPSS Score
0.014
Published
2023-09-28
CVE-2023-43144
Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.
CVSS Score
9.8
EPSS Score
0.028
Published
2023-09-22


Products
Pricing
Contact Us

Shodan ® - All rights reserved