All the vulnerabilites related to Project Worlds - Online Time Table Generator
cve-2024-0730
Vulnerability from cvelistv5
Published
2024-01-19 19:00
Modified
2024-11-13 17:39
Severity ?
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.251553 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.251553 | signature, permissions-required | |
https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e | exploit |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Project Worlds | Online Time Table Generator |
Version: 1.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T18:18:17.874Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "vdb-entry", "technical-description", "x_transferred" ], "url": "https://vuldb.com/?id.251553" }, { "tags": [ "signature", "permissions-required", "x_transferred" ], "url": "https://vuldb.com/?ctiid.251553" }, { "tags": [ "exploit", "x_transferred" ], "url": "https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2024-0730", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-01-24T20:22:09.810744Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-13T17:39:07.617Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Online Time Table Generator", "vendor": "Project Worlds", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "torada (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability." }, { "lang": "de", "value": "Es wurde eine kritische Schwachstelle in Project Worlds Online Time Table Generator 1.0 gefunden. Dabei betrifft es einen unbekannter Codeteil der Datei course_ajax.php. Mittels dem Manipulieren des Arguments id mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-19T19:00:05.542Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.251553" }, { "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.251553" }, { "tags": [ "exploit" ], "url": "https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e" } ], "timeline": [ { "lang": "en", "time": "2024-01-19T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-01-19T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-01-19T12:14:44.000Z", "value": "VulDB entry last update" } ], "title": "Project Worlds Online Time Table Generator course_ajax.php sql injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-0730", "datePublished": "2024-01-19T19:00:05.542Z", "dateReserved": "2024-01-19T11:09:32.460Z", "dateUpdated": "2024-11-13T17:39:07.617Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-10447
Vulnerability from cvelistv5
Published
2024-10-28 13:00
Modified
2024-10-28 13:38
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.282007 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.282007 | signature, permissions-required | |
https://vuldb.com/?submit.432372 | third-party-advisory | |
https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_update_profile_sqli.md | patch |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Project Worlds | Online Time Table Generator |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:projectworlds:online_time_table_generator:1.0:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "online_time_table_generator", "vendor": "projectworlds", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-10447", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-28T13:37:16.193883Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-28T13:38:45.802Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Online Time Table Generator", "vendor": "Project Worlds", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "jadu101 (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. Affected by this vulnerability is an unknown functionality of the file /timetable/staff/staffdashboard.php?info=updateprofile. The manipulation of the argument n leads to sql injection. The attack can be launched remotely." }, { "lang": "de", "value": "In Project Worlds Online Time Table Generator 1.0 wurde eine kritische Schwachstelle entdeckt. Betroffen ist eine unbekannte Verarbeitung der Datei /timetable/staff/staffdashboard.php?info=updateprofile. Dank der Manipulation des Arguments n mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-28T13:00:06.746Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-282007 | Project Worlds Online Time Table Generator staffdashboard.php sql injection", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.282007" }, { "name": "VDB-282007 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.282007" }, { "name": "Submit #432372 | Project Worlds Online Time Table Generator 1.0 SQL Injection", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.432372" }, { "tags": [ "patch" ], "url": "https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_update_profile_sqli.md" } ], "timeline": [ { "lang": "en", "time": "2024-10-28T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-10-28T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-10-28T07:20:37.000Z", "value": "VulDB entry last update" } ], "title": "Project Worlds Online Time Table Generator staffdashboard.php sql injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-10447", "datePublished": "2024-10-28T13:00:06.746Z", "dateReserved": "2024-10-28T06:15:30.332Z", "dateUpdated": "2024-10-28T13:38:45.802Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-10446
Vulnerability from cvelistv5
Published
2024-10-28 11:31
Modified
2024-10-28 11:59
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
6.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
EPSS score ?
Summary
A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
References
▼ | URL | Tags |
---|---|---|
https://vuldb.com/?id.282006 | vdb-entry, technical-description | |
https://vuldb.com/?ctiid.282006 | signature, permissions-required | |
https://vuldb.com/?submit.432371 | third-party-advisory | |
https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_add_department_sqli.md | exploit |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Project Worlds | Online Time Table Generator |
Version: 1.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:project_worlds:online_time_table_generator:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "online_time_table_generator", "vendor": "project_worlds", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-10446", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-28T11:54:57.979417Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-28T11:59:31.911Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "Online Time Table Generator", "vendor": "Project Worlds", "versions": [ { "status": "affected", "version": "1.0" } ] } ], "credits": [ { "lang": "en", "type": "reporter", "value": "jadu101 (VulDB User)" } ], "descriptions": [ { "lang": "en", "value": "A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. Affected is an unknown function of the file /timetable/admin/admindashboard.php?info=add_course. The manipulation of the argument c leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used." }, { "lang": "de", "value": "Es wurde eine kritische Schwachstelle in Project Worlds Online Time Table Generator 1.0 entdeckt. Hiervon betroffen ist ein unbekannter Codeblock der Datei /timetable/admin/admindashboard.php?info=add_course. Durch Beeinflussen des Arguments c mit unbekannten Daten kann eine sql injection-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung." } ], "metrics": [ { "cvssV4_0": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "version": "4.0" } }, { "cvssV3_1": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } }, { "cvssV3_0": { "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" } }, { "cvssV2_0": { "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-28T11:31:05.540Z", "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB" }, "references": [ { "name": "VDB-282006 | Project Worlds Online Time Table Generator admindashboard.php sql injection", "tags": [ "vdb-entry", "technical-description" ], "url": "https://vuldb.com/?id.282006" }, { "name": "VDB-282006 | CTI Indicators (IOB, IOC, TTP, IOA)", "tags": [ "signature", "permissions-required" ], "url": "https://vuldb.com/?ctiid.282006" }, { "name": "Submit #432371 | Project Worlds Online Time Table Generator 1.0 SQL Injection", "tags": [ "third-party-advisory" ], "url": "https://vuldb.com/?submit.432371" }, { "tags": [ "exploit" ], "url": "https://github.com/jadu101/CVE/blob/main/project_worlds_online_time_table_generator_add_department_sqli.md" } ], "timeline": [ { "lang": "en", "time": "2024-10-28T00:00:00.000Z", "value": "Advisory disclosed" }, { "lang": "en", "time": "2024-10-28T01:00:00.000Z", "value": "VulDB entry created" }, { "lang": "en", "time": "2024-10-28T07:20:35.000Z", "value": "VulDB entry last update" } ], "title": "Project Worlds Online Time Table Generator admindashboard.php sql injection" } }, "cveMetadata": { "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "assignerShortName": "VulDB", "cveId": "CVE-2024-10446", "datePublished": "2024-10-28T11:31:05.540Z", "dateReserved": "2024-10-28T06:15:27.716Z", "dateUpdated": "2024-10-28T11:59:31.911Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }