CVE-2025-9047

Name of the Vulnerable Software and Affected Versions: Projectworlds Visitor Management System version 1.0

Description: A vulnerability has been found in projectworlds Visitor Management System 1.0. The manipulation of the argument rid in an unknown function of the file /visitor out.php leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public.

Recommendations: As a temporary workaround, consider restricting access to the /visitor out.php file until a fix is available. Sanitize the rid parameter before using it in any database queries.