CVE-2024-0730

MEDIUM

Project Worlds Online Time Table Generator 1.0 - SQL Injection

Title source: llm

Description

A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability.

References (3)

Core 3

Core References

Permissions Required vdb-entry technical-description

https://vuldb.com/?id.251553

Permissions Required signature permissions-required

https://vuldb.com/?ctiid.251553

Exploit exploit

https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e

Scores

CVSS v3 6.3

EPSS 0.0008

EPSS Percentile 23.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

projectworlds/online_time_table_generator 1.0

Published Jan 19, 2024

Tracked Since Feb 18, 2026