PT-2025-22317 · Unknown · Project Worlds Online Time Table Generator
Attackxuu
·
Published
2025-05-20
·
Updated
2025-05-28
·
CVE-2025-5008
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
ProjectWorlds Online Time Table Generator version 1.0
Description
A critical issue was found in the ProjectWorlds Online Time Table Generator. The problem is related to the file /admin/add teacher.php, where the manipulation of the
e argument leads to SQL injection. This issue can be exploited remotely.Recommendations
For ProjectWorlds Online Time Table Generator version 1.0, consider restricting access to the /admin/add teacher.php file until a fix is available. As a temporary workaround, avoid using the
e argument in the affected file to minimize the risk of exploitation.Exploit
Fix
Special Elements Injection
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Project Worlds Online Time Table Generator