CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6136 – Projectworlds Life Insurance Management System insertPayment.php sql injection
https://notcve.org/view.php?id=CVE-2025-6136
16 Jun 2025 — A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack may be initiated remotely. • https://github.com/YZS17/CVE/blob/main/Life_Insurance_Management_System/sqli_insertPayment.php.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6135 – Projectworlds Life Insurance Management System insertNominee.php sql injection
https://notcve.org/view.php?id=CVE-2025-6135
16 Jun 2025 — A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /insertNominee.php. The manipulation of the argument client_id/nominee_id leads to sql injection. The attack can be initiated remotely. • https://github.com/YZS17/CVE/blob/main/Life_Insurance_Management_System/sqli_insertNominee.php_client_id.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6134 – Projectworlds Life Insurance Management System insertClient.php sql injection
https://notcve.org/view.php?id=CVE-2025-6134
16 Jun 2025 — A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /insertClient.php. The manipulation of the argument client_id leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/YZS17/CVE/blob/main/Life_Insurance_Management_System/sqli_insertClient_client_id.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-6133 – Projectworlds Life Insurance Management System insertagent.php sql injection
https://notcve.org/view.php?id=CVE-2025-6133
16 Jun 2025 — A vulnerability was found in Projectworlds Life Insurance Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /insertagent.php. The manipulation of the argument agent_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/YZS17/CVE/blob/main/Life_Insurance_Management_System/sqli_insertAgent.php_agent_id.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5213 – projectworlds Responsive E-Learning System delete_file.php sql injection
https://notcve.org/view.php?id=CVE-2025-5213
26 May 2025 — A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_file.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. • https://github.com/xinpengccc/cve-/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5008 – projectworlds Online Time Table Generator add_teacher.php sql injection
https://notcve.org/view.php?id=CVE-2025-5008
20 May 2025 — A vulnerability was found in projectworlds Online Time Table Generator 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add_teacher.php. The manipulation of the argument e leads to sql injection. The attack may be launched remotely. • https://github.com/hhhanxx/attack/issues/18 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5004 – projectworlds Online Time Table Generator add_course.php sql injection
https://notcve.org/view.php?id=CVE-2025-5004
20 May 2025 — A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add_course.php. The manipulation of the argument c/subname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/huangyi234/CVE/issues/8 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-5003 – projectworlds Online Time Table Generator semester_ajax.php sql injection
https://notcve.org/view.php?id=CVE-2025-5003
20 May 2025 — A vulnerability has been found in projectworlds Online Time Table Generator 1.0 and classified as critical. This vulnerability affects unknown code of the file /semester_ajax.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/huangyi234/CVE/issues/4 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4936 – projectworlds Online Food Ordering System admin-page.php sql injection
https://notcve.org/view.php?id=CVE-2025-4936
19 May 2025 — A vulnerability was found in projectworlds Online Food Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin-page.php. The manipulation of the argument 1_price leads to sql injection. It is possible to launch the attack remotely. • https://github.com/sknadklasdls/CVE/issues/3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4932 – projectworlds Online Lawyer Management System lawyer_registation.php sql injection
https://notcve.org/view.php?id=CVE-2025-4932
19 May 2025 — A vulnerability, which was classified as critical, has been found in projectworlds Online Lawyer Management System 1.0. Affected by this issue is some unknown functionality of the file /lawyer_registation.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/hhhanxx/attack/issues/12 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •