CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22922
https://notcve.org/view.php?id=CVE-2024-22922
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php Un problema en Projectworlds Vistor Management System en PHP v.1.0 permite a un atacante remoto escalar privilegios a través de un script manipulado a la página de inicio de sesión en POST/index.php • https://github.com/keru6k/CVE-2024-22922 http://projectworlds.com http://visitor.com https://github.com/keru6k/CVE-2024-22922/blob/main/CVE-2024-22922.md • CWE-269: Improper Privilege Management •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 3CVE-2020-25761 – Visitor Management System In PHP 1.0 Cross Site Scripting
https://notcve.org/view.php?id=CVE-2020-25761
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc. Projectworlds Visitor Management System en PHP versión 1.0, permite un ataque de tipo XSS. El archivo myform.php no lleva a cabo una comprobación de entrada en los parámetros request. • http://packetstormsecurity.com/files/159263/Visitor-Management-System-In-PHP-1.0-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2020/Sep/45 https://packetstormsecurity.com/files/author/15149 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 4CVE-2020-25760 – Visitor Management System In PHP 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2020-25760
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. Projectworlds Visitor Management System en PHP versión 1.0, permite una inyección SQL. El archivo front.php no lleva a cabo una comprobación de entrada en el parámetro "rid". • http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html http://seclists.org/fulldisclosure/2020/Sep/43 https://packetstormsecurity.com/files/author/15149 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •