CVE Details
Basic Information
| Title | projectworlds Responsive E-Learning System delete_file.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-05-26T23:31:04.510Z |
| Last Seen |
Product Information
| Vendor | projectworlds |
|---|---|
| Product | Responsive E-Learning System |
| Version | 1.0 |
CVSS Information
| Base Score | 6.9 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | A critical SQL injection vulnerability exists in the /admin/delete_file.php file of projectworlds Responsive E-Learning System 1.0. The vulnerability allows remote attackers to execute arbitrary SQL commands via the ID parameter, potentially compromising the system. The exploit is publicly available and can be used to gain unauthorized access or manipulate data. |
|---|---|
| AI Severity | High |
| Vendor | projectworlds |
| Product | Responsive E-Learning System |
| Affected Version | 1.0 |
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-89, CWE-74 |
| Bulletin Family | |
| Source Data | projectworlds Responsive E-Learning System 1.0 |
Source Information
| Source Data | projectworlds Responsive E-Learning System 1.0 |
|---|---|
| Source Link |
Description
A vulnerability was found in projectworlds Responsive E-Learning System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/delete_file.php. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score Summary
Base Score: 6.9 (MEDIUM)