CVE-2025-5004
projectworlds Online Time Table Generator add_course.php sql injection
Description
A vulnerability was found in projectworlds Online Time Table Generator 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/add_course.php. The manipulation of the argument c/subname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Vector Breakdown
AV:NAttack VectorAC:LAttack ComplexityPR:NPrivileges RequiredUI:NUser InteractionS:UScopeC:LConfidentialityI:LIntegrityA:LAvailabilityWeaknesses
Affected Products
Exploitability
Exploit details including PoC links, Metasploit modules, and scanner templates are available after registration.
View exploit detailsAttack Graph
Click technique nodes for MITRE ATT&CK details · drag to pan · Ctrl/⌘ + scroll to zoom, or go fullscreen.
MITRE ATT&CK
2 techniquesReferences
Unlock Complete Vulnerability Intelligence
Get the full picture for CVE-2025-5004 and every CVE in our database. Create a free account — no credit card required.
Create Free Account