PatchSiren

projectworlds CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

LOW projectworlds CVE published 2026-06-04

CVE-2026-10875

A SQL injection vulnerability has been discovered in the Online Art Gallery Shop Project 1.0. It affects an unknown function of the file /admin/adminHome.php and is triggered by manipulation of the argument social_twitter. The attack can be launched remotely, and the vulnerability has been publicly disclosed. The CVSS score for this vulnerability is 2.1, indicating low severity.

LOW projectworlds CVE published 2026-06-04

CVE-2026-10874

A SQL injection vulnerability was identified in the Online Art Gallery Shop Project 1.0. The affected element is an unknown function of the file /admin/adminHome.php. The manipulation of the argument social_insta leads to SQL injection. The attack may be initiated remotely. The exploit is publicly available and might be used.

MEDIUM projectworlds CVE published 2026-05-24

CVE-2026-9364

A SQL injection vulnerability exists in projectworlds Online Art Gallery Shop 1.0, specifically within the /admin/adminHome.php file. The vulnerability stems from improper sanitization of the 'social_linked' parameter, allowing remote attackers to manipulate SQL queries. The issue was published on May 24, 2026, with subsequent modification on May 26, 2026. The vulnerability carries a CVSS 4.0 score of 5.5 [truncated]

MEDIUM projectworlds CVE published 2026-05-18

CVE-2026-8785

CVE-2026-8785 describes a remotely reachable SQL injection in projectworlds hospital-management-system-in-php 1.0, specifically in getAllPatientDetail within update_info.php when the appointment_no GET parameter is manipulated. The supplied source metadata also indicates a public exploit reference and says the project was notified early via an issue report but had not responded at the time of publication. [truncated]