Lucene search
K
ProjectworldsVisitor Management System

9 matches found

CVE
CVE
added 2024/02/28 12:0 a.m.98 views

CVE-2024-22983

The CVE-2024-22983 entry describes a SQL injection vulnerability in Projectworlds Visitor Management System v1.0 (PHP). The flaw allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. Red Hat, NVD, CNNVD, CVE records corroborate the vulnerability detail...

8.1CVSS8.1AI score0.00807EPSS
CVE
CVE
added 2020/09/29 7:0 p.m.88 views

CVE-2020-25760

CVE-2020-25760 affects Projectworlds Visitor Management System in PHP 1.0. Connected sources confirm a SQL Injection in front.php caused by lack of input validation on the rid parameter, enabling an attacker to append queries and potentially extract sensitive data. The vulnerability is documented...

8.8CVSS8.6AI score0.02169EPSS
Web
CVE
CVE
added 2024/01/25 12:0 a.m.60 views

CVE-2024-22922

CVE-2024-22922 affects Projectworlds Vistor(Visitor) Management System in PHP v1.0. A remote attacker can escalate privileges via a crafted script submitted to POST/index.php on the login page, enabling full/total impact per included metrics (CVSSv3.1: 9.8, CRITICAL, Network vector, no user inter...

9.8CVSS9.3AI score0.00784EPSS
Web
CVE
CVE
added 2024/01/17 11:31 p.m.55 views

CVE-2024-0650

CVE-2024-0650 affects Project Worlds Visitor Management System 1.0, specifically the URL Handler’s dataset.php. The vulnerability is a reflected XSS caused by manipulating the argument name (example input: >""), which can be exploited remotely and has been disclosed publicly. Multiple sources ...

6.1CVSS6AI score0.00681EPSS
CVE
CVE
added 2020/09/29 7:6 p.m.42 views

CVE-2020-25761

CVE-2020-25761 affects the Projectworlds Visitor Management System in PHP 1.0. The vulnerability is an unauthenticated cross-site scripting (XSS) flaw in the file myform.php due to lack of input validation on request parameters. An attacker can inject JavaScript payloads via parameters, potential...

6.1CVSS6.1AI score0.01825EPSS
Web
CVE
CVE
added 2025/08/15 11:2 a.m.21 views

CVE-2025-9047

CVE-2025-9047 affects projectworlds Visitor Management System 1.0. The vulnerability is a SQL injection in the file /visitor_out.php, triggered by manipulating the rid parameter in an unknown function, with remote execution possible. Multiple connected sources confirm the issue and describe it as...

9.8CVSS7.6AI score0.00387EPSS
CVE
CVE
added 2025/08/14 6:32 a.m.20 views

CVE-2025-8947

CVE-2025-8947 concerns the projectworlds Visitor Management System 1.0. The vulnerability lies in the /query_data.php processing of the dateF/dateP parameters, where unsafely built SQL queries allow an attacker to perform SQL injection. Public disclosure indicates remote exploitation and potentia...

9.8CVSS7.6AI score0.00367EPSS
Web
CVE
CVE
added 2025/08/14 7:2 a.m.17 views

CVE-2025-8948

The projectworlds Visitor Management System 1.0 is affected by a SQL injection in the front.php file via the rid parameter. Multiple connected sources confirm remote exploitation and publicly disclosed exploit details. No official patch/version removal details are provided in the documents; at le...

9.8CVSS7.6AI score0.00384EPSS
CVE
CVE
added 2025/09/27 3:32 p.m.16 views

CVE-2025-11067

CVE-2025-11067 affects Projectworlds Visitor Management System 1.0, specifically the Add Visitor Page’s unknown function in the /myform.php file. The issue arises from manipulating the Name parameter, resulting in a cross-site scripting vulnerability. Remote exploitation is possible, and exploits...

4.8CVSS5.2AI score0.00281EPSS