6 matches found
CVE-2024-0726
CVE-2024-0726 affects Project Worlds Student Project Allocation System 1.0, specifically the Admin Login Module via the file admin_login.php. The vulnerability is a cross-site scripting (XSS) flaw caused by manipulating the msg argument (example input: test%22%3Cscript%3Ealert(%27Torada%27)%3C/sc...
CVE-2025-4482
CVE-2025-4482 affects Project Worlds Student Project Allocation System 1.0. The vulnerability is a SQL injection in the file /change_pass/forgot_password_sql.php, caused by the parameter Pat_BloodGroup1. It is exploitable remotely and has been disclosed publicly. Multiple connected sources corrob...
CVE-2024-10424
CVE-2024-10424 corresponds to a SQL injection in Project Worlds Student Project Allocation System 1.0, triggered via the remove_project.php page (affecting the /student/project_selection/remove_project.php endpoint) by manipulating the no parameter. Multiple sources (NVD, Red Hat, CVE records, PT...
CVE-2024-10423
CVE-2024-10423 affects Project Worlds Student Project Allocation System 1.0, specifically the /student/project_selection/project_selection.php file. The vulnerability arises from the project_id parameter, enabling remote SQL injection. Public exploit details exist. No patch/fix is confirmed in th...
CVE-2024-10425
CVE-2024-10425 affects Project Worlds Student Project Allocation System 1.0. The vulnerability lies in /student/project_selection/move_up_project.php where manipulating the up parameter yields an SQL injection. The issue can be exploited remotely over NETWORK with LOW attack complexity and no pri...
CVE-2025-4837
CVE-2025-4837 affects projectworlds Student Project Allocation System 1.0. The vulnerability is a SQL injection in the file /make_group_sql.php, triggered by manipulating the arguments mem1, mem2, or mem3. It is possible to initiate the attack remotely, and exploit details have been disclosed pub...