Code-projects Library System

20 matches found

CVE
added 2024/02/23 6:0 p.m., 111 views

CVE-2024-1829

CVE-2024-1829 affects code-projects Library System 1.0. The vulnerability is in Source/librarian/user/student/registration.php where manipulation of email, regno, phone, or username leads to SQL injection. It is remote, with the exploit disclosed publicly. Affected CVSS metrics include a high/cri...

9.8 CVSS, 7.5 AI score, 0.0076 EPSS
Web
CVE
added 2024/02/23 6:31 p.m., 103 views

CVE-2024-1830

CVE-2024-1830 affects code-projects Library System 1.0. The vulnerable component is the file Source/librarian/user/student/lost-password.php, where the manipulation of the email parameter leads to an SQL injection. The issue can be exploited remotely and the exploit has been disclosed publicly. R...

9.8 CVSS, 7.4 AI score, 0.00813 EPSS
Web
CVE
added 2024/02/23 6:0 p.m., 101 views

CVE-2024-1828

Code-projects Library System 1.0 is affected by a SQL injection in Source/librarian/user/teacher/registration.php. The vulnerability arises from unsafely handling the arguments email, idno, phone, and username, enabling remote exploitation. Public exploitation information is present, and the entr...

9.8 CVSS, 7.5 AI score, 0.00731 EPSS
Web
CVE
added 2024/02/23 5:31 p.m., 99 views

CVE-2024-1827

CVE-2024-1827 affects code-projects Library System 1.0. The vulnerability resides in the login path (Source/librarian/user/teacher/login.php) where manipulating the username and password parameters leads to an SQL injection. The issue is exploitable remotely and, per available sources, the exploi...

9.8 CVSS, 7.5 AI score, 0.00701 EPSS
Web
CVE
added 2024/02/23 5:0 p.m., 96 views

CVE-2024-1826

The CVE-2024-1826 entry affects code-projects Library System 1.0, specifically the file Source/librarian/user/student/login.php. The vulnerability arises from improper handling of the username and password parameters, allowing SQL injection. The attack can be initiated remotely and, according to ...

9.8 CVSS, 7.5 AI score, 0.00579 EPSS
Web
CVE
added 2025/07/10 7:32 p.m., 25 views

CVE-2025-7412

CVE-2025-7412 concerns code-projects Library System 1.0. The vulnerability lies in /user/student/profile.php where manipulation of the image parameter enables unrestricted file upload. Allied reports (Red Hat, NVD, CNVD, PT-Security, CNVD, etc.) consistently describe the issue as a critical, remo...

8.8 CVSS, 6.5 AI score, 0.00311 EPSS
Web
CVE
added 2025/07/08 3:32 p.m., 19 views

CVE-2025-7184

CVE-2025-7184 affects code-projects Library System 1.0, specifically the file path /user/teacher/books.php. The vulnerability is a SQL injection triggered by manipulating the argument named Search; exploitation is possible remotely and has been disclosed publicly. Multiple sources describe the r...

9.8 CVSS, 7.5 AI score, 0.00399 EPSS
Web
CVE
added 2025/06/29 1:0 a.m., 18 views

CVE-2025-6837

CVE-2025-6837 affects code-projects Library System 1.0. The vulnerability is in the file /profile.php where the image parameter can be manipulated to achieve unrestricted file upload. The issue arises from lack of validation of uploaded files, enabling remote exploitation. Multiple sources corrob...

9.8 CVSS, 6.5 AI score, 0.00325 EPSS
CVE
added 2025/06/30 9:2 a.m., 18 views

CVE-2025-6900

The CVE-2025-6900 entry affects code-projects Library System 1.0, with the flaw located in /add-book.php where the image parameter allows unrestricted file uploads. This remote, publicly disclosed vulnerability could enable attackers to upload arbitrary files. Several sources (NVD, Red Hat, CNNVD...

9.8 CVSS, 6.5 AI score, 0.00325 EPSS
CVE
added 2025/07/08 4:2 p.m., 18 views

CVE-2025-7185

The CVE-2025-7185 vulnerability affects code-projects Library System 1.0, specifically the /approve.php file where manipulating the ID parameter induces an SQL injection. Exploitation is remote and publicly disclosed, with multiple sources confirming a SQL injection path and potential impact on c...

9.8 CVSS, 7.8 AI score, 0.00399 EPSS
CVE
added 2025/07/10 8:2 p.m., 18 views

CVE-2025-7413

The CVE-2025-7413 issue affects code-projects Library System 1.0, specifically the /user/teacher/profile.php file. The root cause is improper handling/validation of the image parameter, which allows unrestricted file uploads. This enables remote initiation of an attack and matches the reported pu...

8.8 CVSS, 7.2 AI score, 0.00311 EPSS
Web
CVE
added 2025/06/29 12:31 a.m., 17 views

CVE-2025-6836

CVE-2025-6836 affects code-projects Library System 1.0, with SQL injection in /profile.php via the phone parameter. It is a remote, publicly disclosed vulnerability in an unknown function, potentially allowing data disclosure. The connected documents do not provide a confirmed patch or version co...

9.8 CVSS, 7.6 AI score, 0.00399 EPSS
CVE
added 2025/07/08 10:32 a.m., 17 views

CVE-2025-7174

CVE-2025-7174 affects code-projects Library System 1.0. The vulnerability is a SQL injection caused by manipulation of the idn parameter in the file "/teacher-issue-book.php". It can be triggered remotely and has been disclosed publicly. Multiple sources (including PT-2025-28404) confirm a critic...

9.8 CVSS, 7.5 AI score, 0.00454 EPSS
CVE
added 2025/06/29 12:0 a.m., 16 views

CVE-2025-6835

CVE-2025-6835 affects code-projects Library System 1.0, with a vulnerability in the processing of the file "/student-issue-book.php" where the parameter reg can be manipulated to induce an SQL injection. The issue is exploitable remotely and has been discussed across multiple sources; CVSS vecto...

9.8 CVSS, 7.5 AI score, 0.00399 EPSS
CVE
added 2025/07/08 1:2 p.m., 15 views

CVE-2025-7179

The CVE-2025-7179 entry describes a SQL injection in code-projects Library System 1.0, triggered by manipulating the Username parameter in /add-teacher.php. Remote exploitation is possible and public exploits are noted. All connected sources consistently identify this issue as a SQL injection in ...

9.8 CVSS, 7.6 AI score, 0.00478 EPSS
CVE
added 2025/07/08 10:32 p.m., 15 views

CVE-2025-7199

CVE-2025-7199 is a confirmed SQL injection vulnerability in Code-projects Library System 1.0, arising from unsafely processing the ID parameter in /notapprove.php. Multiple connected sources (CNVD, NVD, RH/CVE, CVE records, PT security) describe remote exploitation as possible, with PoC exploitation...

9.8 CVSS, 7.5 AI score, 0.00399 EPSS
CVE
added 2025/07/08 10:2 a.m., 14 views

CVE-2025-7173

CVE-2025-7173 affects code-projects Library System 1.0. The vulnerability exists in the /add-student.php file where manipulation of the Username parameter enables SQL injection. Multiple connected sources characterize this as a remote, high-impact issue with potential to exfiltrate or alter data....

9.8 CVSS, 7.5 AI score, 0.00596 EPSS
CVE
added 2025/11/24 2:2 a.m., 7 views

CVE-2025-13578

The connected CNVD/NVD entries confirm a real vulnerability in code-projects’ Library System 1.0, specifically in the Login component’s index.php. The flaw arises from unsafely handling the Username parameter, enabling remote SQL injection. The affected file is /index.php (Login), and exploitatio...

9.8 CVSS, 6.8 AI score, 0.00326 EPSS
CVE
added 2025/11/24 2:32 a.m., 6 views

CVE-2025-13579

CVE-2025-13579 affects code-projects Library System 1.0, specifically the file /return.php. Multiple connected records confirm a SQL Injection vulnerability originating from the ID parameter, enabling remote exploitation. The vulnerability is widely documented across CVE feeds (NVD/NVD mirror, RH...

8.8 CVSS, 6.7 AI score, 0.00263 EPSS
CVE
added 2025/11/24 3:2 a.m., 6 views

CVE-2025-13580

The CVE-2025-13580 entry relates to Library System 1.0 (code-projects). Multiple connected sources confirm SQL injection in the /mail.php file caused by unsafely handling the ID parameter, enabling remote exploitation. Descriptions consistently attribute the vulnerability to lack of input validat...

8.8 CVSS, 6.7 AI score, 0.00263 EPSS