CVE-2025-70146
📋 TL;DR
This vulnerability allows remote attackers to perform administrative operations without authentication in ProjectWorlds Online Time Table Generator 1.0. Attackers can add, delete, or modify records by directly accessing administrative scripts. All users running the vulnerable version are affected.
💻 Affected Systems
- ProjectWorlds Online Time Table Generator
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Complete compromise of the application with unauthorized data manipulation, deletion of all records, or injection of malicious content affecting users.
Likely Case
Unauthorized modification or deletion of timetable data, potentially disrupting operations or causing data loss.
If Mitigated
No impact if proper authentication controls are implemented or the vulnerable endpoints are restricted.
🎯 Exploit Status
Exploitation requires only HTTP requests to vulnerable /admin/ endpoints without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Unknown
Vendor Advisory: None known
Restart Required: No
Instructions:
No official patch available. Consider implementing authentication checks or upgrading if a patched version becomes available.
🔧 Temporary Workarounds
Implement Authentication Middleware
Add authentication checks to all /admin/ scripts to verify valid user sessions before processing requests.
Modify PHP scripts in /admin/ directory to include session validation
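As an added example (not code from the ProjectWorlds application), the following guard file shows the session check described above. It assumes the login script stores an administrator identifier in `$_SESSION['admin_id']` and a role in `$_SESSION['role']`, and that the login page lives at `/admin/login.php`; all three are assumptions about a hypothetical deployment, not facts about the product. The file is meant to be required as the first line of every script under /admin/ so that no database operation runs before the check.

```php
<?php
// admin_auth_check.php (hypothetical filename, not part of the original project).
// Require this at the very top of every script under /admin/, before any output
// or database work. Assumed session layout (set by the login script, not shown):
//   $_SESSION['admin_id']  - non-empty identifier of the logged-in administrator
//   $_SESSION['role']      - the literal string 'admin'
declare(strict_types=1);

const ADMIN_LOGIN_PATH = '/admin/login.php';   // assumed location of the login page
const ADMIN_IDLE_TIMEOUT_SECONDS = 1800;       // assumed policy: 30 minutes idle

// Pure check so the rule can be reasoned about (and unit-tested) without a web server.
function admin_session_is_valid(array $session, int $now): bool
{
    // Missing or empty identifier, or any role other than 'admin', is rejected.
    if (empty($session['admin_id']) || ($session['role'] ?? '') !== 'admin') {
        return false;
    }
    // Sessions that have been idle longer than the timeout are rejected too.
    if (isset($session['last_activity'])
        && ($now - (int) $session['last_activity']) > ADMIN_IDLE_TIMEOUT_SECONDS) {
        return false;
    }
    return true;
}

function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // Cookie hardening: not readable by script, not sent cross-site, HTTPS-only when available.
        session_set_cookie_params([
            'httponly' => true,
            'samesite' => 'Lax',
            'secure'   => !empty($_SERVER['HTTPS']),
        ]);
        session_start();
    }

    if (!admin_session_is_valid($_SESSION, time())) {
        // Discard any partial session state, then stop the request and send the client to login.
        $_SESSION = [];
        session_destroy();
        http_response_code(302);
        header('Location: ' . ADMIN_LOGIN_PATH);
        exit;
    }

    // Valid session: refresh the idle-timeout clock.
    $_SESSION['last_activity'] = time();
}

// Enforce immediately when included from a web request; skip under the CLI so the
// pure function above can be exercised from a test script.
if (PHP_SAPI !== 'cli') {
    require_admin();
}
```

Usage is one line at the top of each administrative script, for example `require_once __DIR__ . '/admin_auth_check.php';` before anything else. The `exit` after the redirect matters: without it the rest of the script still runs and the redirect only hides the result from the browser. The login script itself should call `session_regenerate_id(true)` when it sets `admin_id`, so that a session identifier issued before authentication is never promoted to an administrative one.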
Restrict Access via Web Server
Use web server configuration to restrict access to the /admin/ directory to authorized IP addresses only.
For Apache: Use .htaccess with Require ip directives
For Nginx: Use allow/deny directives in location block
🧯 If You Can't Patch
- Implement network-level access controls to restrict access to the /admin/ directory
- Monitor and log all access attempts to /admin/ endpoints for suspicious activity
🔍 How to Verify
Check if Vulnerable:
Attempt to access /admin/ endpoints without authentication. If administrative operations succeed, the system is vulnerable.
Check Version:
Check the application's version file or documentation, typically in README or config files.
Verify Fix Applied:
Verify that accessing /admin/ endpoints without valid authentication returns an error or redirects to login.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /admin/ endpoints without corresponding authentication/session logs
- Unusual administrative operations from unexpected IP addresses
Network Indicators:
- HTTP POST/GET requests to /admin/ scripts without authentication headers
SIEM Query:
source="web_server_logs" AND uri_path="/admin/*" AND NOT (user_session="valid" OR auth_status="success")
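The SIEM query above assumes fields such as `user_session` that a plain web server log does not carry. The following added example (not from the page or the project) shows the same correlation done directly over Apache combined-format access log lines: it treats a `POST` to the login page that returned a redirect as the sign of a successful login for that client IP, and flags any later request under /admin/ from an IP that never produced one. The log lines, the login path and the "302 means success" rule are all constructed assumptions for the example.

```php
<?php
declare(strict_types=1);

// Constructed sample log (Apache combined format); not real traffic.
// Client 203.0.113.10 logs in and then uses the admin area; client 198.51.100.7
// calls administrative scripts directly without ever touching the login page.
const SAMPLE_LOG = <<<'LOG'
203.0.113.10 - - [10/Jan/2025:09:00:01 +0000] "POST /admin/login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Jan/2025:09:00:05 +0000] "GET /admin/dashboard.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Jan/2025:09:01:00 +0000] "GET /admin/delete_subject.php?id=3 HTTP/1.1" 200 210 "-" "curl/8.0"
198.51.100.7 - - [10/Jan/2025:09:01:02 +0000] "POST /admin/add_teacher.php HTTP/1.1" 200 180 "-" "curl/8.0"
203.0.113.10 - - [10/Jan/2025:09:02:00 +0000] "GET /index.php HTTP/1.1" 200 3000 "-" "Mozilla/5.0"
LOG;

// Parse one combined-format line into the fields the correlation needs, or null if malformed.
function parse_log_line(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) /';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return [
        'ip'     => $m[1],
        'time'   => $m[2],
        'method' => $m[3],
        'path'   => $m[4],
        'status' => (int) $m[5],
    ];
}

// Return every /admin/ request whose client IP has not been seen logging in earlier in the log.
function find_unauthenticated_admin_hits(string $log, string $loginPath = '/admin/login.php'): array
{
    $loggedIn = [];   // ip => true once a login POST produced a redirect (assumed success signal)
    $alerts   = [];
    foreach (preg_split('/\R/', trim($log)) as $line) {
        $r = parse_log_line($line);
        if ($r === null) {
            continue;
        }
        $path = explode('?', $r['path'], 2)[0];   // drop the query string before matching
        if ($path === $loginPath) {
            if ($r['method'] === 'POST' && $r['status'] === 302) {
                $loggedIn[$r['ip']] = true;
            }
            continue;   // the login page itself is expected to be reachable unauthenticated
        }
        if (strncmp($path, '/admin/', 7) === 0 && empty($loggedIn[$r['ip']])) {
            $alerts[] = $r;
        }
    }
    return $alerts;
}

foreach (find_unauthenticated_admin_hits(SAMPLE_LOG) as $a) {
    printf("ALERT %s %s %s %s -> %d (no prior login seen for this IP)\n",
        $a['time'], $a['ip'], $a['method'], $a['path'], $a['status']);
}
```

Run against the constructed sample, the two requests from 198.51.100.7 are reported and the requests from 203.0.113.10 are not. The heuristic is deliberately simple: a client whose login happened before the log window, or behind a shared NAT address, will not be modelled correctly, so in production the "logged in" set should come from the application's own session store or login audit log rather than from inferred redirects, and the alert should be raised only on state-changing scripts such as add or delete operations.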