719 matches found
Projectworlds Advanced Library Management System SQL注入漏洞
Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in version 1.0 of projectworlds Advanced Library Management System, which stems from incorrect manipulation of the parameter keywords in the fil...
EUVD-2025-35092
An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...
CVE-2025-61488
CVE-2025-61488 affects SLiMS (Senayan Library Management System) 9 Bulian v.9.6.1. The Red Hat and other sources describe a vulnerability in scrap_image.php via the imageURL parameter that could allow a remote attacker to execute arbitrary code. The CVSS-like metrics indicate network access, high...
CVE-2025-10303
The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7librarymanagementajaxhandler function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...
CVE-2025-10303 Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation
The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7librarymanagementajaxhandler function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...
CVE-2025-10303
CVE-2025-10303 affects the WordPress Library Management System plugin. The root cause is a missing capability check in owt7_library_management_ajax_handler(), affecting all versions up to 3.1, enabling authenticated users with Subscriber-level access and above to modify various plugin settings. W...
WordPress Library Management System plugin <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation vulnerability
Missing Authorization to Authenticated Subscriber+ Settings Manipulation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Library Management System versions = 3.1...
WordPress plugin Library Management System 安全漏洞
The WordPress Library Management System plugin is a plugin for extending the functionality of WordPress, mainly used to help users manage website content, user data and system settings more efficiently. The WordPress Library Management System plugin suffers from an unauthorized data modification...
CVE-2025-11475
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing a manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-11425
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly...
CVE-2025-11426
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /editbook.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. T...
CVE-2025-11475
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing a manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-11475
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing a manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...
EUVD-2025-33174
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-11475 projectworlds Advanced Library Management System view_member.php sql injection
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing a manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-11425
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly...
CVE-2025-11425
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly...
CVE-2025-11426
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /editbook.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. T...
CVE-2025-11426
CVE-2025-11426 affects projectworlds Advanced Library Management System 1.0. The root cause is manipulation of the image argument in /edit_book.php, yielding unrestricted remote upload. Exploitation status: public exploit is available; multiple sources confirm remote attack possible and unrestric...
CVE-2025-11425 projectworlds Advanced Library Management System edit_admin.php cross site scripting
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly...