CVE-2025-8338

Name of the Vulnerable Software and Affected Versions projectworlds Online Admission System version 1.0

Description A critical issue exists in projectworlds Online Admission System that allows for remote SQL injection. The vulnerability is located in an unknown functionality within the /adminac.php file, specifically through manipulation of the ID argument. The exploit for this issue has been publicly disclosed.

Recommendations As a temporary workaround, restrict access to the /adminac.php file to minimize the risk of exploitation. Sanitize the ID parameter before using it in any database queries.