9 matches found
CVE-2024-22983
The CVE-2024-22983 entry describes a SQL injection vulnerability in Projectworlds Visitor Management System v1.0 (PHP). The flaw allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. Red Hat, NVD, CNNVD, CVE records corroborate the vulnerability detail...
CVE-2020-25760
CVE-2020-25760 affects Projectworlds Visitor Management System in PHP 1.0. Connected sources confirm a SQL Injection in front.php caused by lack of input validation on the rid parameter, enabling an attacker to append queries and potentially extract sensitive data. The vulnerability is documented...
CVE-2024-22922
CVE-2024-22922 affects Projectworlds Vistor(Visitor) Management System in PHP v1.0. A remote attacker can escalate privileges via a crafted script submitted to POST/index.php on the login page, enabling full/total impact per included metrics (CVSSv3.1: 9.8, CRITICAL, Network vector, no user inter...
CVE-2024-0650
CVE-2024-0650 affects Project Worlds Visitor Management System 1.0, specifically the URL Handler’s dataset.php. The vulnerability is a reflected XSS caused by manipulating the argument name (example input: >""), which can be exploited remotely and has been disclosed publicly. Multiple sources ...
CVE-2020-25761
CVE-2020-25761 affects the Projectworlds Visitor Management System in PHP 1.0. The vulnerability is an unauthenticated cross-site scripting (XSS) flaw in the file myform.php due to lack of input validation on request parameters. An attacker can inject JavaScript payloads via parameters, potential...
CVE-2025-9047
CVE-2025-9047 affects projectworlds Visitor Management System 1.0. The vulnerability is a SQL injection in the file /visitor_out.php, triggered by manipulating the rid parameter in an unknown function, with remote execution possible. Multiple connected sources confirm the issue and describe it as...
CVE-2025-8947
CVE-2025-8947 concerns the projectworlds Visitor Management System 1.0. The vulnerability lies in the /query_data.php processing of the dateF/dateP parameters, where unsafely built SQL queries allow an attacker to perform SQL injection. Public disclosure indicates remote exploitation and potentia...
CVE-2025-8948
The projectworlds Visitor Management System 1.0 is affected by a SQL injection in the front.php file via the rid parameter. Multiple connected sources confirm remote exploitation and publicly disclosed exploit details. No official patch/version removal details are provided in the documents; at le...
CVE-2025-11067
CVE-2025-11067 affects Projectworlds Visitor Management System 1.0, specifically the Add Visitor Page’s unknown function in the /myform.php file. The issue arises from manipulating the Name parameter, resulting in a cross-site scripting vulnerability. Remote exploitation is possible, and exploits...