Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Stored Cross-Site Scripting vulnerability.

Asset Management System v1.0 is vulnerable to an Authenticated SQL Injection vulnerability on the 'first_name' and 'last_name' parameters of user.php page, allowing an authenticated attacker to dump all the contents of the database contents.

Asset Management System v1.0 is vulnerable to an unauthenticated SQL Injection vulnerability on the 'email' parameter of index.php page, allowing an external attacker to dump all the contents of the database contents and bypass the login control.

Online Movie Ticket Booking System v1.0 is vulnerable to an authenticated Reflected Cross-Site Scripting vulnerability.

Gym Management System Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'file' parameter of profile/i.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of admin_edit.php page, allowing an authenticated attacker to obtain Remote Code Execution on the server hosting the application.

Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI.

Hospital management system version 378c157 allows to bypass authentication. This is possible because the application is vulnerable to SQLI.

Projectworldsl Assets-management-system-in-php 1.0 is vulnerable to SQL Injection via the "id" parameter in delete.php.

A vulnerability, which was classified as critical, has been found in SourceCodester/projectworlds House Rental and Property Listing 1.0. This issue affects some unknown processing of the file /index.php. The manipulation of the argument keywords/location leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Online Examination System version 1.0 suffers from a cross site scripting vulnerability via index.php.

An issue was discovered in Projectworlds Hospital Management System v1.0. Unauthorized malicious attackers can add patients without restriction via add_patient.php.

An issue was discovered in Online-Movie-Ticket-Booking-System 1.0. The file about.php does not perform input validation on the 'id' paramter. An attacker can append SQL queries to the input to extract sensitive information from the database.

Projectworlds online-shopping-webvsite-in-php 1.0 suffers from a SQL Injection vulnerability via the "id" parameter in cart_add.php, No login is required.

An SQL Injection vulnerability exists in Projectworlds Online Examination System 1.0 via the eid parameter in account.php.

Projectsworlds Online Shopping System PHP 1.0 is vulnerable to SQL injection via the id parameter in cart_remove.php.

In ProjectWorlds Online Shopping System PHP 1.0, a CSRF vulnerability in cart_remove.php allows a remote attacker to remove any product in the customer's cart.

Projectsworlds Online Book Store PHP v1.0 is vulnerable to SQL injection via the "bookisbn" parameter in cart.php.

In ProjectWorlds Online Book Store PHP 1.0 a CSRF vulnerability in admin_delete.php allows a remote attacker to delete any book.

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the appointment_no parameter in payment.php.

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in add_patient.php. As a result, an authenticated malicious user can compromise the databases system and in some cases leverage this vulnerability to get remote code execution on the remote web server.

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via multiple parameters in admin_home.php.

Projectworlds Hospital Management System v1.0 is vulnerable to SQL injection via the email parameter in hms-staff.php.

XSS in signup form in Project Worlds Online Examination System 1.0 allows remote attacker to inject arbitrary code via the name field

SQL Injection vulnerability in Online Book Store v1.0 via the publisher parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.

Arbitrary File Upload vulnerability in Online Book Store v1.0 in admin_add.php, which may lead to remote code execution.

SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_delete.php, which could let a remote malicious user execute arbitrary code.

Incorrect Access Control vulnerability in Online Book Store v1.0 via admin_verify.php, which could let a remote mailicious user bypass authentication and obtain sensitive information.

SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to book.php parameter, which could let a remote malicious user execute arbitrary code.

SQL Injection vulnerability in Online Book Store v1.0 via the bookisbn parameter to admin_edit.php, which could let a remote malicious user execute arbitrary code.

SQL Injection vulnerability in Online Book Store v1.0 via the pubid parameter to bookPerPub.php, which could let a remote malicious user execute arbitrary code.

SQL Injection vulnerability in Online Book Store v1.0 via the isbn parameter to edit_book.php, which could let a remote malicious user execute arbitrary code.

Marital - Online Matrimonial Project In PHP version 1.0 suffers from an authenticated file upload vulnerability allowing remote attackers to gain remote code execution (RCE) on the Hosting web server via uploading a maliciously crafted PHP file.

Projectworlds Visitor Management System in PHP 1.0 allows XSS. The file myform.php does not perform input validation on the request parameters. An attacker can inject javascript payloads in the parameters to perform various attacks such as stealing of cookies,sensitive information etc.

Projectworlds Visitor Management System in PHP 1.0 allows SQL Injection. The file front.php does not perform input validation on the 'rid' parameter. An attacker can append SQL queries to the input to extract sensitive information from the database.

Projectworlds House Rental v1.0 suffers from an unauthenticated SQL Injection vulnerability, allowing remote attackers to execute arbitrary code on the hosting webserver via a malicious index.php POST request.

Arbitrary File Upload in the Vehicle Image Upload component in Project Worlds Car Rental Management System v1.0 allows attackers to conduct remote code execution.

Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution.

File Upload component in Projects World House Rental v1.0 suffers from an arbitrary file upload vulnerability with regular users, which allows remote attackers to conduct code execution.

An issue was discovered in Project Worlds Official Car Rental System 1. It allows the admin user to run commands on the server with their account because the upload section on the file-manager page contains an arbitrary file upload vulnerability via add_cars.php. There are no upload restrictions for executable files.

Project Worlds Official Car Rental System 1 is vulnerable to multiple SQL injection issues, as demonstrated by the email and parameters (account.php), uname and pass parameters (login.php), and id parameter (book_car.php) This allows an attacker to dump the MySQL database and to bypass the login authentication prompt.