671 matches found
CVE-2025-11103 Projectworlds Online Tours and Travels change-image.php unrestricted upload
A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotel...
CVE-2025-11103 Projectworlds Online Tours and Travels change-image.php unrestricted upload
A security vulnerability has been detected in Projectworlds Online Tours and Travels 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/change-image.php. The manipulation of the argument packageimage leads to unrestricted upload. The attack may be initiated remotel...
PT-2025-39767
Name of the Vulnerable Software and Affected Versions Projectworlds Online Tours and Travels version 1.0 Description A security issue exists in Projectworlds Online Tours and Travels 1.0 related to unrestricted file upload. The issue is located in the /admin/change-image.php file, where...
Projectworlds Online Tours and Travels 代码问题漏洞
Projectworlds Online Tours and Travels is an online tours and travels program by Projectworlds India. A code issue vulnerability exists in Projectworlds Online Tours and Travels version 1.0, which stems from improper manipulation of the parameter packageimage in the file /admin/change-image.php,...
CVE-2025-11070
A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2025-11070
A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2025-11070
CVE-2025-11070 affects Projectworlds Online Shopping System 1.0. The vulnerable component is the file /store/cart_add.php, where manipulating the ID parameter enables a SQL injection. Public exploitability is indicated, with remote access possible and high impact on confidentiality, integrity, an...
CVE-2025-11070 Projectworlds Online Shopping System cart_add.php sql injection
A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2025-11070 Projectworlds Online Shopping System cart_add.php sql injection
A vulnerability was identified in Projectworlds Online Shopping System 1.0. This affects an unknown part of the file /store/cartadd.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used...
CVE-2025-11067
CVE-2025-11067 affects Projectworlds Visitor Management System 1.0, specifically the Add Visitor Page’s unknown function in the /myform.php file. The issue arises from manipulating the Name parameter, resulting in a cross-site scripting vulnerability. Remote exploitation is possible, and exploits...
Projectworlds Visitor Management System 代码注入漏洞
Projectworlds Visitor Management System is a visitor access management system from Projectworlds India. It implements self-service features for visitors. A code injection vulnerability exists in Projectworlds Visitor Management System version 1.0, which stems from an incorrect manipulation of the...
PT-2025-39735
Name of the Vulnerable Software and Affected Versions Projectworlds Online Shopping System version 1.0 Description A flaw exists in Projectworlds Online Shopping System that allows for SQL injection. This issue affects an unknown part of the /store/cart add.php file. Manipulation of the ID argume...
Projectworlds Online Shopping System SQL注入漏洞
Projectworlds Online Shopping System is an online shopping system from the Austrian company Projectworlds. A SQL injection vulnerability exists in Projectworlds Online Shopping System version 1.0, which stems from a misuse of the parameter ID in the file /store/cartadd.php, which could lead to a...
PT-2025-39730
Name of the Vulnerable Software and Affected Versions Projectworlds Visitor Management System version 1.0 Description A cross-site scripting issue exists in Projectworlds Visitor Management System version 1.0. The issue is related to the manipulation of the Name argument within an unknown functio...
CVE-2025-9928 projectworlds Travel Management System viewcategory.php sql injection
A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-9928 projectworlds Travel Management System viewcategory.php sql injection
A security flaw has been discovered in projectworlds Travel Management System 1.0. The impacted element is an unknown function of the file /viewcategory.php. Performing manipulation of the argument t1 results in sql injection. It is possible to initiate the attack remotely. The exploit has been...
CVE-2025-9927
CVE-2025-9927 affects projectworlds Travel Management System 1.0. The vulnerability is a SQL injection in an unknown function within /viewpackage.php caused by manipulation of the t1 parameter, exploitable remotely. Public exploits exist. According to CVSS data, impact is high to critical (networ...
CVE-2025-9926 projectworlds Travel Management System viewsubcategory.php sql injection
A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function of the file /viewsubcategory.php. This manipulation of the argument t1 causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and...
CVE-2025-9926 projectworlds Travel Management System viewsubcategory.php sql injection
A vulnerability was determined in projectworlds Travel Management System 1.0. Impacted is an unknown function of the file /viewsubcategory.php. This manipulation of the argument t1 causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosed and...
CVE-2025-9925 projectworlds Travel Management System detail.php sql injection
A vulnerability was found in projectworlds Travel Management System 1.0. This issue affects some unknown processing of the file /detail.php. The manipulation of the argument pid results in sql injection. The attack can be executed remotely. The exploit has been made public and could be used...