CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-0229 – code-projects Travel Management System enquiry.php sql injection
https://notcve.org/view.php?id=CVE-2025-0229
05 Jan 2025 — A vulnerability, which was classified as critical, has been found in code-projects Travel Management System 1.0. This issue affects some unknown processing of the file /enquiry.php. The manipulation of the argument pid/t1/t2/t3/t4/t5/t6/t7 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://code-projects.org • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-12950 – code-projects/projectworlds Travel Management System subcat.php sql injection
https://notcve.org/view.php?id=CVE-2024-12950
26 Dec 2024 — A vulnerability was found in code-projects Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the argument catid leads to sql injection. The attack may be initiated remotely. • https://code-projects.org • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12949 – code-projects Travel Management System package.php sql injection
https://notcve.org/view.php?id=CVE-2024-12949
26 Dec 2024 — A vulnerability was found in code-projects Travel Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /package.php. The manipulation of the argument subcatid leads to sql injection. The attack can be initiated remotely. • https://code-projects.org • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12948 – code-projects Travel Management System detail.php sql injection
https://notcve.org/view.php?id=CVE-2024-12948
26 Dec 2024 — A vulnerability was found in code-projects Travel Management System 1.0. It has been classified as critical. This affects an unknown part of the file /detail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. • https://code-projects.org • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 1CVE-2021-25208
https://notcve.org/view.php?id=CVE-2021-25208
23 Jul 2021 — Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php. Una vulnerabilidad de carga de archivos arbitrarios en SourceCodester Travel Management System versión v1.0, permite a atacantes ejecutar código arbitrario por medio de la carga de archivos en el archivo updatepackage.php • https://github.com/BigTiger2020/Travel-Management-System/blob/main/Travel%20Management%20System.md • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25213
https://notcve.org/view.php?id=CVE-2021-25213
22 Jul 2021 — SQL injection vulnerability in SourceCodester Travel Management System v 1.0 allows remote attackers to execute arbitrary SQL statements, via the catid parameter to subcat.php. Una vulnerabilidad de inyección SQL en SourceCodester Travel Management System versión v1.0, permite a atacantes remotos ejecutar sentencias SQL arbitrario, por medio del parámetro catid del archivo subcat.php • https://github.com/BigTiger2020/Travel-Management-System/blob/main/Travel%20Management%20System-sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-29205
https://notcve.org/view.php?id=CVE-2020-29205
17 May 2021 — XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field Una vulnerabilidad de tipo cross-site scripting XSS en el formulario de registro en Project Worlds Online Examination System versión 1.0, permite a un atacante remoto inyectar código arbitrario por medio del campo field • https://github.com/projectworldsofficial/online-examination-systen-in-php • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 5%CPEs: 1EXPL: 2CVE-2020-24203
https://notcve.org/view.php?id=CVE-2020-24203
27 Aug 2020 — Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. Permisos de Archivos No Seguros y una Carga de Archivos Arbitraria en la función upload pic en el archivo updatesubcategory.php en Projects World Travel Management System versión v1.0, permite a atacantes remotos no autenticados conseguir una ejecución de código remota • https://github.com/hyd3sec/TravelManagementSystemRCE • CWE-425: Direct Request ('Forced Browsing') CWE-434: Unrestricted Upload of File with Dangerous Type •