CVE Details
Basic Information
| Title | Projectworlds Online Admission System admin.php sql injection |
|---|---|
| Type | cve |
| Published | 2025-07-27T23:32:04.936Z |
| Modified | 2025-07-27T23:32:04.936Z |
Product Information
| Vendor | Projectworlds |
|---|---|
| Product | Online Admission System |
| Version | 1.0 |
CVSS Information
| Base Score | 5.3 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P |
AI Analysis
| AI Description | A SQL injection vulnerability has been identified in Projectworlds Online Admission System version 1.0. This vulnerability allows remote attackers to inject malicious SQL code through the ‘markof’ argument in admin.php, potentially leading to unauthorized data access or modification. The exploit is publicly disclosed, making it critical to address this issue promptly. |
|---|---|
| AI Severity | Medium |
| AI Vendor | Projectworlds |
| AI Product | Online Admission System |
| AI Version | 1.0 |
Affected Products
- Projectworlds Online Admission System 1.0
Additional Information
| CWE List | CWE-89, CWE-74 |
|---|---|
| Source | VulDB |
Description
A vulnerability classified as critical has been found in Projectworlds Online Admission System 1.0. This affects an unknown part of the file /admin.php. The manipulation of the argument markof leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.