7.5
ProjectWorlds Online Time Table Generator: Sensitive Info Exposed to Unauthenticated Users
CVE-2025-70147
Summary
If you use ProjectWorlds Online Time Table Generator, an attacker can read sensitive information, including passwords, simply by requesting certain admin pages without logging in. This is a serious issue because it gives unauthenticated users access to critical data. No fixed version is listed for this issue.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| projectworlds | online_time_table_generator | 1.0 | – |
Original title
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext pas...
Original description
Missing authentication in /admin/student.php and /admin/teacher.php in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to obtain sensitive information (including plaintext password field values) via direct HTTP GET requests to these endpoints without a valid session.
NVD CVSS 3.1
7.5
Vulnerability type
CWE-306
Missing Authentication for Critical Function
CWE-862
Missing Authorization
- https://projectworlds.com/online-time-table-generator-php-mysql/ (Product)
- https://youngkevinn.github.io/posts/CVE-2025-70147-OTTTG-Info-Disclosure/ (Exploit, Mitigation, Third Party Advisory)
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026