PT-2024-19632 · Projectworlds · Projectworlds Visitor Management System

Keru6K · Published 2024-02-28 · Updated 2025-05-02 · CVE-2024-22983

CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions
Projectworlds Visitor Management System version 1.0

Description
A SQL injection issue allows a remote attacker to escalate privileges via the name parameter in the "myform.php" endpoint. This enables the attacker to potentially gain unauthorized access to sensitive data or systems.

Recommendations
For Projectworlds Visitor Management System version 1.0, consider disabling the myform.php endpoint or restricting access to it until a patch is available. Avoid using the name parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
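
One way to apply the "disable or restrict access" recommendation at the web server, shown as an added example that is not part of the original advisory or the vendor's code. It assumes the application is served by Apache httpd 2.4; the directory path and the network range are placeholders.

```apache
# Added example: interim access control for the affected endpoint.
# Assumes Apache httpd 2.4 (mod_authz_core). Comments sit on their own
# lines because httpd does not accept trailing comments on directives.

# Placeholder path: replace with the directory that contains myform.php.
<Directory "/var/www/html/visitor-management">
    <Files "myform.php">
        # Option 1: disable the endpoint completely (every request gets 403).
        Require all denied

        # Option 2: use instead of Option 1 to allow only a trusted
        # admin network. 192.0.2.0/24 is a documentation range used
        # here as a placeholder.
        # Require ip 192.0.2.0/24
    </Files>
</Directory>
```

Validate the change with `apachectl configtest` before reloading. Option 2 only narrows who can reach the endpoint: the vector requires low privileges (PR:L), so an authenticated user on the allowed network can still send the name parameter to it.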

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-22983

Affected Products

Projectworlds Visitor Management System