4 matches found
CVE-2025-7412
CVE-2025-7412 concerns code-projects Library System 1.0. The vulnerability lies in /user/student/profile.php where manipulation of the image parameter enables unrestricted file upload. Allied reports (Red Hat, NVD, CNVD, PT-Security, CNVD, etc.) consistently describe the issue as a critical, remo...
CVE-2025-7413
The CVE-2025-7413 issue affects code-projects Library System 1.0, specifically the /user/teacher/profile.php file. The root cause is improper handling/validation of the image parameter, which allows unrestricted file uploads. This enables remote initiation of an attack and matches the reported pu...
CVE-2025-13580
The CVE-2025-13580 entry relates to Library System 1.0 (code-projects). Multiple connected sources confirm SQL injection in the /mail.php file caused by unsafely handling the ID parameter, enabling remote exploitation. Descriptions consistently attribute the vulnerability to lack of input validat...
CVE-2025-13579
CVE-2025-13579 affects code-projects Library System 1.0, specifically the file /return.php. Multiple connected records confirm a SQL Injection vulnerability originating from the ID parameter, enabling remote exploitation. The vulnerability is widely documented across CVE feeds (NVD/NVD mirror, RH...