PT-2025-31457 · Projectworlds · Projectworlds Online Admission System
Sunhaobin
·
Publicado
2025-07-30
·
Atualizado
2025-08-05
·
CVE-2025-8338
CVSS v3.1
9.8
Crítica
| Vetor | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
projectworlds Online Admission System version 1.0
Description
A critical issue exists in projectworlds Online Admission System that allows for remote SQL injection. The vulnerability is located in an unknown functionality within the
/adminac.php file, specifically through manipulation of the ID argument. The exploit for this issue has been publicly disclosed.Recommendations
As a temporary workaround, restrict access to the
/adminac.php file to minimize the risk of exploitation.
Sanitize the ID parameter before using it in any database queries.Exploit
Correção
SQL injection
Special Elements Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Projectworlds Online Admission System