CVE-2025-11103 Projectworlds Online Tours and Travels change-image.php unrestricted upload

A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotel...

CVE-2025-11103

CVE-2025-11103 affects Projectworlds Online Tours and Travels 1.0. The vulnerability is in the /admin/change-image.php file, where manipulating the packageimage argument leads to unrestricted file uploads. Attacks may be initiated remotely, and the exploit has been publicly disclosed. Several sou...

Projectworlds Online Tours and Travels 代码问题漏洞

Projectworlds Online Tours and Travels is an online tours and travels program by Projectworlds India. A code issue vulnerability exists in Projectworlds Online Tours and Travels version 1.0, which stems from improper manipulation of the parameter packageimage in the file /admin/change-image.php,...

PT-2025-39767

Name of the Vulnerable Software and Affected Versions Projectworlds Online Tours and Travels version 1.0 Description A security issue exists in Projectworlds Online Tours and Travels 1.0 related to unrestricted file upload. The issue is located in the /admin/change-image.php file, where...

CVE-2025-11070

A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVE-2025-11070

A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVE-2025-11070 Projectworlds Online Shopping System cart_add.php sql injection

A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVE-2025-11070 Projectworlds Online Shopping System cart_add.php sql injection

A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...

CVE-2025-11070

CVE-2025-11070 affects Projectworlds Online Shopping System 1.0. The vulnerable component is the file /store/cart_add.php, where manipulating the ID parameter enables a SQL injection. Public exploitability is indicated, with remote access possible and high impact on confidentiality, integrity, an...

CVE-2025-11067

CVE-2025-11067 affects Projectworlds Visitor Management System 1.0, specifically the Add Visitor Page’s unknown function in the /myform.php file. The issue arises from manipulating the Name parameter, resulting in a cross-site scripting vulnerability. Remote exploitation is possible, and exploits...

PT-2025-39730

Name of the Vulnerable Software and Affected Versions Projectworlds Visitor Management System version 1.0 Description A cross-site scripting issue exists in Projectworlds Visitor Management System version 1.0. The issue is related to the manipulation of the Name argument within an unknown functio...

Projectworlds Online Shopping System SQL注入漏洞

Projectworlds Online Shopping System is an online shopping system from the Austrian company Projectworlds. A SQL injection vulnerability exists in Projectworlds Online Shopping System version 1.0, which stems from a misuse of the parameter ID in the file /store/cartadd.php, which could lead to a...

Projectworlds Visitor Management System 代码注入漏洞

Projectworlds Visitor Management System is a visitor access management system from Projectworlds India. It implements self-service features for visitors. A code injection vulnerability exists in Projectworlds Visitor Management System version 1.0, which stems from an incorrect manipulation of the...

PT-2025-39735

Name of the Vulnerable Software and Affected Versions Projectworlds Online Shopping System version 1.0 Description A flaw exists in Projectworlds Online Shopping System that allows for SQL injection. This issue affects an unknown part of the /store/cart add.php file. Manipulation of the ID argume...

CVE-2025-9928 projectworlds Travel Management System viewcategory.php sql injection

A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-9928 projectworlds Travel Management System viewcategory.php sql injection

A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been...

CVE-2025-9927

CVE-2025-9927 affects projectworlds Travel Management System 1.0. The vulnerability is a SQL injection in an unknown function within /viewpackage.php caused by manipulation of the t1 parameter, exploitable remotely. Public exploits exist. According to CVSS data, impact is high to critical (networ...

CVE-2025-9926 projectworlds Travel Management System viewsubcategory.php sql injection

A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function of the file /viewsubcategory.php. This manipulation of the argument t1 causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and...

CVE-2025-9926 projectworlds Travel Management System viewsubcategory.php sql injection

A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function of the file /viewsubcategory.php. This manipulation of the argument t1 causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and...

CVE-2025-9925 projectworlds Travel Management System detail.php sql injection

A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...