Projectworlds: >> Travel Management System >> 1.0 Security Vulnerabilities
SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-11-04
SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-11-04
Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-11-04
XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field
CVSS Score
6.1
EPSS Score
0.004
Published
2021-05-17
Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.
CVSS Score
9.8
EPSS Score
0.057
Published
2020-08-27