CVE-2024-22922

CRITICAL

Projectworlds Visitor Management System <1.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-22922. PoCs published by pwnpwnpur1n.

AI-analyzed exploit summary: The repository contains a technical analysis of CVE-2024-22922, detailing a hardcoded credential vulnerability in projectworlds' Visitor Management System. The flaw allows authentication bypass due to improper credential validation in the SQL query.

Description

An issue in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via a crafted script to the login page in the POST/index.php.

Exploits (1)

nomisec WRITEUP
by pwnpwnpur1n · poc
https://github.com/pwnpwnpur1n/CVE-2024-22922

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: projectworlds Visitor Management System
No auth needed
Prerequisites: Access to the login page of the Visitor Management System
devstral-2 · analyzed Feb 18, 2026

Scores

CVSS v3 9.8
EPSS 0.0097
EPSS Percentile 57.2%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE CWE-269
Status published
Products (1)
projectworlds/visitor_management_system 1.0
Published Jan 25, 2024
Tracked Since Feb 18, 2026