GCVE - cpe:2.3:a:projectworlds:visitor_management_system_in

Approved changes feed: RSS · Atom

cpe:2.3:a:projectworlds:visitor_management_system_in_php:1.0:*:*:*:*:*:*:*

part: a version: 1.0 update: *

Vendor	Projectworlds (`1c49ba31-3767-5ff6-9610-c6dcb2aee835`)
Product	Visitor Management System In Php (`f61ac9fa-8399-57fd-b1ce-856bb4cdcc16`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2024-22983`	vulnerable	2026-06-03 14:55:01.530062	Details available SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint. Published: 2024-02-28T00:00:00.000Z Updated: 2025-03-27T21:13:21.661Z Open on db.gcve.eu Reference links http://visitor.com http://projectworlds.com https://github.com/keru6k/CVE-2024-22983/blob/main/CVE-2024-22983.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-22922`	vulnerable	2026-06-03 14:55:01.513238	Details available An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php Published: 2024-01-25T00:00:00.000Z Updated: 2025-06-04T21:18:04.058Z Open on db.gcve.eu Reference links http://visitor.com http://projectworlds.com https://github.com/keru6k/CVE-2024-22922/blob/main/CVE-2024-22922.md	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-25761`	vulnerable	2026-06-03 14:42:15.379052	Details available Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc. Published: 2020-09-29T19:06:00.000Z Updated: 2025-11-11T16:54:20.353Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2020/Sep/45 http://packetstormsecurity.com/files/159263/Visitor-Management-System-In-PHP-1.0-Cross-Site-Scripting.html https://packetstormsecurity.com/files/author/15149/ https://www.exploit-db.com/exploits/48830	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-25760`	vulnerable	2026-06-03 14:42:15.377521	Details available Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database. Published: 2020-09-29T19:00:10.000Z Updated: 2025-11-11T16:57:59.747Z Open on db.gcve.eu Reference links http://seclists.org/fulldisclosure/2020/Sep/43 http://packetstormsecurity.com/files/159262/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html https://packetstormsecurity.com/files/author/15149/ http://packetstormsecurity.com/files/159637/Visitor-Management-System-In-PHP-1.0-SQL-Injection.html https://www.exploit-db.com/exploits/48911	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Projectworlds Visitor Management System In PHP 1.0

PURL mappings

Vulnerability references

Contribute