Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Travel_management_system
(Projectworlds)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 7 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-08-15 | CVE-2025-9050 | A vulnerability was found in projectworlds Travel Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /addcategory.php. The manipulation of the argument t1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | Travel_management_system | 9.8 | ||
| 2025-08-15 | CVE-2025-9051 | A vulnerability was determined in projectworlds Travel Management System 1.0. Affected by this issue is some unknown functionality of the file /updatecategory.php. The manipulation of the argument t1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | Travel_management_system | 9.8 | ||
| 2024-11-04 | CVE-2024-51328 | Cross Site Scripting vulnerability in addcategory.php in projectworld's Travel Management System v1.0 allows remote attacker to inject arbitrary code via the t2 parameter. | Travel_management_system | N/A | ||
| 2020-08-27 | CVE-2020-24203 | Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | Travel_management_system | 9.8 | ||
| 2021-05-17 | CVE-2020-29205 | XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field | Travel_management_system | 6.1 | ||
| 2024-11-04 | CVE-2024-51326 | SQL Injection vulnerability in projectworlds Travel management System v.1.0 allows a remote attacker to execute arbitrary code via the 't2' parameter in deletesubcategory.php. | Travel_management_system | 7.5 | ||
| 2024-11-04 | CVE-2024-51327 | SQL Injection in loginform.php in ProjectWorld's Travel Management System v1.0 allows remote attackers to bypass authentication via SQL Injection in the 'username' and 'password' fields. | Travel_management_system | 9.8 |