CVE-2025-70147

High CVSS: 7.5

Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session.

Vendor

Projectworlds

Product

Online Time Table Generator

CWE

CWE-306

Yayın Tarihi

2026-02-18 17:21:36

Güncelleme

2026-02-20 20:07:38

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-306 Online Time Table Generator HIGH Projectworlds 2026

Referanslar

https://projectworlds.com/online-time-table-generator-php-mysql/ https://youngkevinn.github.io/posts/CVE-2025-70147-OTTTG-Info-Disclosure/

Benzer Kayıtlar

Medium

CVE-2026-3757

A security flaw has been discovered in projectworlds Online Art Gallery Shop 1.0. Affected by this vulnerability is an u…

Medium

CVE-2026-3758

A weakness has been identified in projectworlds Online Art Gallery Shop 1.0. Affected by this issue is some unknown func…

Medium

CVE-2026-3759

A security vulnerability has been detected in projectworlds Online Art Gallery Shop 1.0. This affects an unknown part of…

Medium

CVE-2026-3406

A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of t…

Critical

CVE-2025-70146

Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Genera…

Medium

CVE-2026-2136

A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /vi…