CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51326
https://notcve.org/view.php?id=CVE-2024-51326
04 Nov 2024 — SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php. • https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51326%20-%20Union%20SQLi • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51327
https://notcve.org/view.php?id=CVE-2024-51327
04 Nov 2024 — SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields. • https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51327%20-%20SQLi%20Auth%20Bypass • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-42843
https://notcve.org/view.php?id=CVE-2024-42843
15 Aug 2024 — Projectworlds Online Examination System v1.0 is vulnerable to SQL Injection via the subject parameter in feed.php. • https://github.com/ganzhi-qcy/cve/issues/6 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.0EPSS: 78%CPEs: 1EXPL: 1CVE-2024-36597 – AEGON LIFE 1.0 SQL Injection
https://notcve.org/view.php?id=CVE-2024-36597
14 Jun 2024 — Aegon Life v1.0 was discovered to contain a SQL injection vulnerability via the client_id parameter at clientStatus.php. Se descubrió que Aegon Life v1.0 contenía una vulnerabilidad de inyección SQL a través del parámetro client_id en clientStatus.php. AEGON LIFE version 1.0 suffers from a remote SQL injection vulnerability. • https://packetstorm.news/files/id/179086 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 2CVE-2024-36598 – AEGON LIFE 1.0 Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-36598
14 Jun 2024 — An arbitrary file upload vulnerability in Aegon Life v1.0 allows attackers to execute arbitrary code via uploading a crafted image file. Una vulnerabilidad de carga de archivos arbitrarios en Aegon Life v1.0 permite a los atacantes ejecutar código arbitrario cargando un archivo de imagen manipulado. AEGON LIFE version 1.0 suffers from an unauthenticated remote code execution vulnerability. • https://packetstorm.news/files/id/179087 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-22983
https://notcve.org/view.php?id=CVE-2024-22983
28 Feb 2024 — SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. Vulnerabilidad de inyección SQL en Projectworlds Visitor Management System en PHP v.1.0 permite a un atacante remoto escalar privilegios a través del parámetro de nombre en el endpoint myform.php. • https://github.com/keru6k/CVE-2024-22983 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 2CVE-2024-22922
https://notcve.org/view.php?id=CVE-2024-22922
25 Jan 2024 — An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php Un problema en Projectworlds Vistor Management System en PHP v.1.0 permite a un atacante remoto escalar privilegios a través de un script manipulado a la página de inicio de sesión en POST/index.php • https://github.com/keru6k/CVE-2024-22922 • CWE-269: Improper Privilege Management •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0730 – Project Worlds Online Time Table Generator course_ajax.php sql injection
https://notcve.org/view.php?id=CVE-2024-0730
19 Jan 2024 — A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0262 – Online Job Portal Create News Page News.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0262
07 Jan 2024 — A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input </title><scRipt>alert(0x00C57D)</scRipt> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://mega.nz/file/zEsxyIYQ#re6pHT-2OGX9SNk1OpygDCQYu1RpBiOrQ_2QS6beRos • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2023-48716 – Student Result Management System v1.0 - Multiple Unauthenticated SQL Injections (SQLi)
https://notcve.org/view.php?id=CVE-2023-48716
21 Dec 2023 — Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. Student Result Management System v1.0 es afectado por múltiples vulnerabilidades de inyección SQL no autenticada. El parámetro 'class_id' del recurso add_classes.php no valida los caracteres recibidos y se envían sin filtrar a la base de datos. Student Res... • https://fluidattacks.com/advisories/gilels • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •