Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-11067 | 1 Projectworlds | 1 Visitor Management System | 2025-10-03 | 3.3 LOW | 2.4 LOW |
| A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-9047 | 1 Projectworlds | 1 Visitor Management System | 2025-08-18 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8947 | 1 Projectworlds | 1 Visitor Management System | 2025-08-14 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-8948 | 1 Projectworlds | 1 Visitor Management System | 2025-08-14 | 7.5 HIGH | 7.3 HIGH |
| A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-22983 | 1 Projectworlds | 1 Visitor Management System | 2025-05-02 | N/A | 8.1 HIGH |
| SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. | |||||