Lucene search
K
ProjectworldsStudent Project Allocation System

6 matches found

CVE
CVE
added 2024/01/19 5:31 p.m.66 views

CVE-2024-0726

CVE-2024-0726 affects Project Worlds Student Project Allocation System 1.0, specifically the Admin Login Module via the file admin_login.php. The vulnerability is a cross-site scripting (XSS) flaw caused by manipulating the msg argument (example input: test%22%3Cscript%3Ealert(%27Torada%27)%3C/sc...

6.1CVSS6AI score0.00643EPSS
Web
CVE
CVE
added 2025/05/09 5:31 p.m.62 views

CVE-2025-4482

CVE-2025-4482 affects Project Worlds Student Project Allocation System 1.0. The vulnerability is a SQL injection in the file /change_pass/forgot_password_sql.php, caused by the parameter Pat_BloodGroup1. It is exploitable remotely and has been disclosed publicly. Multiple connected sources corrob...

9.8CVSS7.6AI score0.00456EPSS
Web
CVE
CVE
added 2024/10/27 6:31 p.m.48 views

CVE-2024-10424

CVE-2024-10424 corresponds to a SQL injection in Project Worlds Student Project Allocation System 1.0, triggered via the remove_project.php page (affecting the /student/project_selection/remove_project.php endpoint) by manipulating the no parameter. Multiple sources (NVD, Red Hat, CVE records, PT...

9.8CVSS7.1AI score0.00543EPSS
Web
CVE
CVE
added 2024/10/27 6:0 p.m.45 views

CVE-2024-10423

CVE-2024-10423 affects Project Worlds Student Project Allocation System 1.0, specifically the /student/project_selection/project_selection.php file. The vulnerability arises from the project_id parameter, enabling remote SQL injection. Public exploit details exist. No patch/fix is confirmed in th...

9.8CVSS7.1AI score0.00508EPSS
Web
CVE
CVE
added 2024/10/27 7:0 p.m.45 views

CVE-2024-10425

CVE-2024-10425 affects Project Worlds Student Project Allocation System 1.0. The vulnerability lies in /student/project_selection/move_up_project.php where manipulating the up parameter yields an SQL injection. The issue can be exploited remotely over NETWORK with LOW attack complexity and no pri...

9.8CVSS7AI score0.00543EPSS
Web
CVE
CVE
added 2025/05/17 8:31 p.m.45 views

CVE-2025-4837

CVE-2025-4837 affects projectworlds Student Project Allocation System 1.0. The vulnerability is a SQL injection in the file /make_group_sql.php, triggered by manipulating the arguments mem1, mem2, or mem3. It is possible to initiate the attack remotely, and exploit details have been disclosed pub...

9.8CVSS7.5AI score0.00445EPSS
Web