Lucene search
K

719 matches found

CNNVD
CNNVD
added 2025/10/27 12:0 a.m.6 views

Projectworlds Advanced Library Management System SQL注入漏洞

Projectworlds Advanced Library Management System is an advanced library management system from Projectworlds India. A SQL injection vulnerability exists in version 1.0 of projectworlds Advanced Library Management System, which stems from incorrect manipulation of the parameter keywords in the fil...

9.8CVSS7.8AI score0.00434EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/20 9:30 p.m.6 views

EUVD-2025-35092

An issue in Senayan Library Management System SLiMS 9 Bulian v.9.6.1 allows a remote attacker to execute arbitrary code via the scrapimage.php component and the imageURL parameter...

7.6CVSS7.4AI score0.0033EPSS
Exploits0References2
CVE
CVE
added 2025/10/20 12:0 a.m.11 views

CVE-2025-61488

CVE-2025-61488 affects SLiMS (Senayan Library Management System) 9 Bulian v.9.6.1. The Red Hat and other sources describe a vulnerability in scrap_image.php via the imageURL parameter that could allow a remote attacker to execute arbitrary code. The CVSS-like metrics indicate network access, high...

7.6CVSS7.6AI score0.0033EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 9:15 a.m.7 views

CVE-2025-10303

The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7librarymanagementajaxhandler function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...

4.3CVSS0.00219EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/15 8:25 a.m.3 views

CVE-2025-10303 Library Management System <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation

The Library Management System plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the owt7librarymanagementajaxhandler function in all versions up to, and including, 3.1. This makes it possible for authenticated attackers, with...

4.3CVSS4.8AI score0.00219EPSS
Exploits0References3
CVE
CVE
added 2025/10/15 8:25 a.m.13 views

CVE-2025-10303

CVE-2025-10303 affects the WordPress Library Management System plugin. The root cause is a missing capability check in owt7_library_management_ajax_handler(), affecting all versions up to 3.1, enabling authenticated users with Subscriber-level access and above to modify various plugin settings. W...

4.3CVSS4.8AI score0.00219EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/10/15 12:59 a.m.5 views

WordPress Library Management System plugin <= 3.1 - Missing Authorization to Authenticated (Subscriber+) Settings Manipulation vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Manipulation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Library Management System versions = 3.1...

4.3CVSS6.8AI score0.00219EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/10/15 12:0 a.m.4 views

WordPress plugin Library Management System 安全漏洞

The WordPress Library Management System plugin is a plugin for extending the functionality of WordPress, mainly used to help users manage website content, user data and system settings more efficiently. The WordPress Library Management System plugin suffers from an unauthorized data modification...

4.3CVSS6.6AI score0.00219EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/09 1:27 p.m.11 views

CVE-2025-11475

A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing a manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...

9.8CVSS7.2AI score0.00387EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/09 3:13 a.m.7 views

CVE-2025-11425

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly...

4.8CVSS5.7AI score0.00241EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/09 3:13 a.m.4 views

CVE-2025-11426

A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /editbook.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. T...

8.8CVSS6.2AI score0.00302EPSS
Exploits1References1
NVD
NVD
added 2025/10/08 1:15 p.m.4 views

CVE-2025-11475

A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing a manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...

9.8CVSS0.00387EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2025/10/08 1:2 p.m.2 views

CVE-2025-11475

A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing a manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...

9.8CVSS5.4AI score0.00387EPSS
Exploits1References5Affected Software1
EUVD
EUVD
added 2025/10/08 1:2 p.m.5 views

EUVD-2025-33174

A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...

7.5CVSS6.6AI score0.00387EPSS
Exploits1References5
Vulnrichment
Vulnrichment
added 2025/10/08 1:2 p.m.3 views

CVE-2025-11475 projectworlds Advanced Library Management System view_member.php sql injection

A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing a manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...

7.5CVSS7.2AI score0.00387EPSS
Exploits1References5
NVD
NVD
added 2025/10/08 3:15 a.m.9 views

CVE-2025-11425

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly...

4.8CVSS0.00241EPSS
Exploits1References4
OSV
OSV
added 2025/10/08 3:15 a.m.4 views

CVE-2025-11425

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly...

4.8CVSS4.2AI score
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2025/10/08 3:2 a.m.3 views

CVE-2025-11426

A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /editbook.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. T...

8.8CVSS5.3AI score0.00302EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2025/10/08 3:2 a.m.14 views

CVE-2025-11426

CVE-2025-11426 affects projectworlds Advanced Library Management System 1.0. The root cause is manipulation of the image argument in /edit_book.php, yielding unrestricted remote upload. Exploitation status: public exploit is available; multiple sources confirm remote attack possible and unrestric...

8.8CVSS6.2AI score0.00302EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2025/10/08 2:32 a.m.12 views

CVE-2025-11425 projectworlds Advanced Library Management System edit_admin.php cross site scripting

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly...

4.8CVSS0.00241EPSS
Exploits1References4
Rows per page
Query Builder