CVE-2025-70146

Critical CVSS: 9.1

Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g.,adding records, deleting records) via direct HTTP requests to affected endpoints without a valid session.

Vendor

Projectworlds

Product

Online Time Table Generator

CWE

CWE-306

Yayın Tarihi

2026-02-18 17:21:35

Güncelleme

2026-02-20 20:07:49

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-306 Online Time Table Generator CRITICAL Projectworlds 2026

Referanslar

https://projectworlds.com/online-time-table-generator-php-mysql/ https://youngkevinn.github.io/posts/CVE-2025-70146-OTTTG-Unauth-Deletion/

Benzer Kayıtlar

Medium

CVE-2026-3757

A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an u…

Medium

CVE-2026-3758

A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown func…

Medium

CVE-2026-3759

A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of…

Medium

CVE-2026-3406

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of t…

High

CVE-2025-70147

Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 all…

Medium

CVE-2026-2136

A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /vi…