CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2065 – projectworlds Life Insurance Management System editAgent.php sql injection
https://notcve.org/view.php?id=CVE-2025-2065
07 Mar 2025 — A vulnerability, which was classified as critical, was found in projectworlds Life Insurance Management System 1.0. This affects an unknown part of the file /editAgent.php. The manipulation of the argument agent_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ubfbuz3/cve/issues/7 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2064 – projectworlds Life Insurance Management System deletePayment.php sql injection
https://notcve.org/view.php?id=CVE-2025-2064
07 Mar 2025 — A vulnerability, which was classified as critical, has been found in projectworlds Life Insurance Management System 1.0. Affected by this issue is some unknown functionality of the file /deletePayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ubfbuz3/cve/issues/6 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2063 – projectworlds Life Insurance Management System deleteNominee.php sql injection
https://notcve.org/view.php?id=CVE-2025-2063
07 Mar 2025 — A vulnerability classified as critical was found in projectworlds Life Insurance Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /deleteNominee.php. The manipulation of the argument nominee_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ubfbuz3/cve/issues/5 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2025-2062 – projectworlds Life Insurance Management System clientStatus.php sql injection
https://notcve.org/view.php?id=CVE-2025-2062
07 Mar 2025 — A vulnerability classified as critical has been found in projectworlds Life Insurance Management System 1.0. Affected is an unknown function of the file /clientStatus.php. The manipulation of the argument client_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/akjedfha/cve/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1965 – projectworlds Online Hotel Booking login.php sql injection
https://notcve.org/view.php?id=CVE-2025-1965
05 Mar 2025 — A vulnerability classified as critical has been found in projectworlds Online Hotel Booking 1.0. Affected is an unknown function of the file /admin/login.php. The manipulation of the argument emailusername leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/ubfbuz3/cve/issues/4 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1964 – projectworlds Online Hotel Booking booknow.php sql injection
https://notcve.org/view.php?id=CVE-2025-1964
05 Mar 2025 — A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been rated as critical. This issue affects some unknown processing of the file /booknow.php?roomname=Duplex. The manipulation of the argument checkin leads to sql injection. • https://github.com/ubfbuz3/cve/issues/3 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1963 – projectworlds Online Hotel Booking reservation.php sql injection
https://notcve.org/view.php?id=CVE-2025-1963
05 Mar 2025 — A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /reservation.php. The manipulation of the argument checkin leads to sql injection. The attack can be initiated remotely. • https://github.com/ubfbuz3/cve/issues/2 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1962 – projectworlds Online Hotel Booking addroom.php sql injection
https://notcve.org/view.php?id=CVE-2025-1962
04 Mar 2025 — A vulnerability was found in projectworlds Online Hotel Booking 1.0. It has been classified as critical. This affects an unknown part of the file /admin/addroom.php. The manipulation of the argument roomname leads to sql injection. It is possible to initiate the attack remotely. • https://github.com/ubfbuz3/cve/issues/1 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-12950 – code-projects/projectworlds Travel Management System subcat.php sql injection
https://notcve.org/view.php?id=CVE-2024-12950
26 Dec 2024 — A vulnerability was found in code-projects Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the argument catid leads to sql injection. The attack may be initiated remotely. • https://code-projects.org • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-51326
https://notcve.org/view.php?id=CVE-2024-51326
04 Nov 2024 — SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php. • https://github.com/redtrib3/CVEs/tree/main/CVE-2024-51326%20-%20Union%20SQLi • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •