CVE-2025-4034

Name of the Vulnerable Software and Affected Versions projectworlds Online Examination System version 1.0

Description A critical issue was found in the projectworlds Online Examination System, affecting an unknown functionality of the file /inser doc process.php. The manipulation of the Doc ID argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For projectworlds Online Examination System version 1.0, consider restricting access to the /inser doc process.php file until a patch is available. As a temporary workaround, avoid using the Doc ID argument in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.