PT-2026-20462 · Projectworlds · Online Time Table Generator
Published 2026-02-18 · Updated 2026-02-18
CVE-2025-70147
| CVSS v3.1 | 7.5 (High) |
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ProjectWorlds Online Time Table Generator version 1.0
Description
The application lacks proper authentication checks for specific administrative endpoints. This allows unauthenticated remote attackers to directly access sensitive information. The vulnerable endpoints are "/admin/student.php" and "/admin/teacher.php". Accessing these endpoints via direct HTTP GET requests without a valid session reveals sensitive data, including plaintext password field values.
Recommendations
Implement authentication checks for access to the "/admin/student.php" endpoint.
Implement authentication checks for access to the "/admin/teacher.php" endpoint.
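One way to implement the recommended check is a shared session guard that both admin pages load before they run any query or produce any output. This is an added example, not code from the Projectworlds application; the file name auth_guard.php, the session key admin_id and the login path /admin/login.php are assumptions.

```php
<?php
// auth_guard.php
// Added example, not part of the original application.
// Assumptions (hypothetical names): the login handler stores the
// administrator's id in $_SESSION['admin_id'] after it has verified the
// credentials, and the login form is served from /admin/login.php.
declare(strict_types=1);

function require_admin_session(): void
{
    // Start the session only if the including page has not already done so.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Array form of session_set_cookie_params() needs PHP 7.3 or later.
        session_set_cookie_params([
            'httponly' => true,                     // not readable from script
            'samesite' => 'Lax',
            'secure'   => !empty($_SERVER['HTTPS']), // HTTPS-only when available
        ]);
        session_start();
    }

    // Fail closed: a missing or empty marker means "not logged in".
    if (empty($_SESSION['admin_id'])) {
        header('Location: /admin/login.php', true, 302);
        // Stop here. Without exit the rest of the page still executes and
        // its output (student/teacher records) is sent in the redirect body.
        exit;
    }
}

require_admin_session();

// Usage, as the first statement of /admin/student.php and /admin/teacher.php:
//   require_once __DIR__ . '/auth_guard.php';
```

Every other script under the admin directory should load the same guard, so that protection does not depend on each page remembering its own check.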
Exploit
Fix
Missing Authentication
Missing Authorization
Related Identifiers
Affected Products
Online Time Table Generator