CVE-2026-4540

HIGH 7.3

projectworlds Online Notes Sharing System Parameters login.php sql injection

CVSS Score

7.3

EPSS Score

0.0%

EPSS Percentile

8th

A vulnerability was detected in projectworlds Online Notes Sharing System 1.0. This issue affects some unknown processing of the file /login.php of the component Parameters Handler. The manipulation of the argument User results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

CWE	CWE-89 CWE-74
Vendor	projectworlds
Product	online notes sharing system
Published	Mar 22, 2026
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for projectworlds online notes sharing system

Be the first to know when new high vulnerabilities affecting projectworlds online notes sharing system are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

projectworlds / Online Notes Sharing System

1.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.352357 vuldb.com: https://vuldb.com/?ctiid.352357 vuldb.com: https://vuldb.com/?submit.774686 github.com: https://github.com/juzidddd/CVE/issues/4

Credits

🔍 j-jcp (VulDB User)