CVSS 3.1 score: 9.1
ProjectWorlds Online Time Table Generator 1.0: Unauthenticated Admin Access
CVE-2025-70146
Summary
A security issue in ProjectWorlds Online Time Table Generator 1.0 allows unauthenticated users to use administrative features, such as adding or deleting records. The administrative action scripts under /admin/ do not check for a valid session, so anyone who can send direct HTTP requests to those endpoints can invoke them without logging in. To fix this, update to a patched version once one is available, or apply manual fixes so that each administrative script verifies an authenticated session before it acts.
What to do
No fix is available yet. Check with your software vendor for updates.
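One form the manual fix mentioned in the summary can take is a shared guard that every script under /admin/ includes before doing any work. This is an added example, not code from the application or from the referenced advisory; the file name `auth_guard.php` and the session keys `admin_id` and `role` are assumptions and must be matched to whatever the application's login script actually sets (PHP 7.3 or later is assumed for the cookie options).

```php
<?php
// admin/auth_guard.php (hypothetical file name, not part of the original application).
// Include as the first statement of every script under /admin/:
//     require_once __DIR__ . '/auth_guard.php';
declare(strict_types=1);

// Start the session with hardened cookie flags unless one is already active.
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_set_cookie_params([
        'httponly' => true,       // keep the session id out of reach of page scripts
        'samesite' => 'Strict',   // do not send the cookie on cross-site requests
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
    ]);
    session_start();
}

/**
 * Send an error status and stop. The exit matters: a guard that only sends a
 * redirect or status header and then returns lets the add/delete logic in the
 * including script run anyway.
 */
function deny_request(int $status, string $message): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    header('Cache-Control: no-store');
    echo $message;
    exit;
}

// CWE-306: refuse any request that carries no authenticated session.
// 'admin_id' is an assumed key; use the one the login script sets.
if (empty($_SESSION['admin_id'])) {
    deny_request(401, 'Authentication required.');
}

// CWE-862: a logged-in session is not enough, it must belong to an administrator.
// 'role' is an assumed key.
if (($_SESSION['role'] ?? '') !== 'admin') {
    deny_request(403, 'Forbidden.');
}

// Execution reaches the including script only for an authenticated administrator.
```

After deployment, a direct request to any administrative action script sent without a session cookie should return 401 and leave the database unchanged.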
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| projectworlds | online_time_table_generator | 1.0 | – |
Original title
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operat...
Original description
Missing authentication in multiple administrative action scripts under /admin/ in ProjectWorlds Online Time Table Generator 1.0 allows remote attackers to perform unauthorized administrative operations (e.g., adding records, deleting records) via direct HTTP requests to affected endpoints without a valid session.
NVD CVSS 3.1 score: 9.1
Vulnerability type
- CWE-306: Missing Authentication for Critical Function
- CWE-862: Missing Authorization
References
- https://projectworlds.com/online-time-table-generator-php-mysql/ (Product)
- https://youngkevinn.github.io/posts/CVE-2025-70146-OTTTG-Unauth-Deletion/ (Exploit, Mitigation, Third Party Advisory)
Published: 18 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026