Projectworlds Visitor Management System 1.0
Approved changes feed: RSS · Atom
cpe:2.3:a:projectworlds:visitor_management_system:1.0:*:*:*:*:*:*:*
part: a version: 1.0 update: *
| Vendor | Projectworlds (1c49ba31-3767-5ff6-9610-c6dcb2aee835) |
|---|---|
| Product | Visitor Management System (5d12562f-d876-5666-8f7d-b350591970cd) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-9047 |
vulnerable | 2026-06-03 15:13:45.320953 |
projectworlds Visitor Management System visitor_out.php sql injection
HIGH (7.3)
A vulnerability has been found in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /visitor_out.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-08-15T11:02:08.849Z
Updated: 2025-08-15T13:08:29.362Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-8948 |
vulnerable | 2026-06-03 15:13:45.143256 |
projectworlds Visitor Management System front.php sql injection
HIGH (7.3)
A vulnerability was determined in projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /front.php. The manipulation of the argument rid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-08-14T07:02:07.123Z
Updated: 2025-08-14T19:42:28.460Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-8947 |
vulnerable | 2026-06-03 15:13:45.142783 |
projectworlds Visitor Management System query_data.php sql injection
HIGH (7.3)
A vulnerability was found in projectworlds Visitor Management System 1.0. This issue affects some unknown processing of the file /query_data.php. The manipulation of the argument dateF/dateP leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Published: 2025-08-14T06:32:05.758Z
Updated: 2025-08-14T19:44:59.498Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-11067 |
vulnerable | 2026-06-03 14:58:35.329697 |
Projectworlds Visitor Management System Add Visitor myform.php cross site scripting
LOW (2.4)
A vulnerability has been found in Projectworlds Visitor Management System 1.0. Affected is an unknown function of the file /myform.php of the component Add Visitor Page. The manipulation of the argument Name leads to cross site scripting. Remote exploitation of the attack is possible. The exploit has been disclosed to the public and may be used.
Published: 2025-09-27T15:32:05.299Z
Updated: 2025-09-29T19:16:34.580Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-22983 |
vulnerable | 2026-06-03 14:55:01.530117 |
Details available
SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.
Published: 2024-02-28T00:00:00.000Z
Updated: 2025-03-27T21:13:21.661Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-22922 |
vulnerable | 2026-06-03 14:55:01.513910 |
Details available
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php
Published: 2024-01-25T00:00:00.000Z
Updated: 2025-06-04T21:18:04.058Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-0650 |
vulnerable | 2026-06-03 14:54:03.175488 |
Project Worlds Visitor Management System URL dataset.php cross site scripting
MEDIUM (4.3)
A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input "><script>alert('torada')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251376.
Published: 2024-01-17T23:31:04.675Z
Updated: 2024-10-21T11:49:55.435Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-25761 |
vulnerable | 2026-06-03 14:42:15.379077 |
Details available
Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc.
Published: 2020-09-29T19:06:00.000Z
Updated: 2025-11-11T16:54:20.353Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2020-25760 |
vulnerable | 2026-06-03 14:42:15.378599 |
Details available
Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.
Published: 2020-09-29T19:00:10.000Z
Updated: 2025-11-11T16:57:59.747Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.