17 matches found
CVE-2025-14527
CVE-2025-14527 affects projectworlds Advanced Library Management System 1.0. The vulnerability is a SQL injection in the unknown-code path of /view_book.php triggered by manipulating the book_id parameter. It is exploitable remotely and has public exploit availability; multiple sources confirm re...
CVE-2025-11475
CVE-2025-11475 affects projectworlds Advanced Library Management System 1.0. The vulnerability is in the /view_member.php endpoint where manipulating the user_id parameter enables SQL injection, with remote exploitation and publicly disclosed exploit. Impact is high/critical per sources, includin...
CVE-2025-11425
CVE-2025-11425 affects projectworlds Advanced Library Management System 1.0, with an XSS vulnerability in the /edit_admin.php handling of the firstname parameter. The issue is exploitable remotely and has publicly available exploits. Other parameters may be affected as well. Authored/verified rep...
CVE-2025-13278
CVE-2025-13278 affects projectworlds Advanced Library Management System 1.0. The vulnerability is in the file /borrowed_book_search.php where manipulating the datefrom/dateto parameters enables SQL injection. The attack can be launched remotely, and exploit details have been publicly disclosed. R...
CVE-2025-13572
The CVE-2025-13572 entry affects projectworlds Advanced Library Management System 1.0, with a vulnerability in the /delete_admin.php path where manipulating the admin_id parameter enables SQL injection. Remote exploitation is possible and an exploit is publicly available. Several sources corrobor...
CVE-2025-13253
CVE-2025-13253 affects projectworlds Advanced Library Management System 1.0. A SQL injection vulnerability exists in the /add_librarian.php file due to manipulation of the Username parameter. This can be exploited remotely and the exploit has been publicly disclosed. Multiple sources corroborate ...
CVE-2025-13256
CVE-2025-13256 affects projectworlds Advanced Library Management System 1.0. The vulnerability is in an unknown function of /borrow.php where manipulating the argument roll_number can cause SQL injection. The flaw can be exploited remotely, and public exploits are available. The connected documen...
CVE-2025-11426
CVE-2025-11426 affects projectworlds Advanced Library Management System 1.0. The root cause is manipulation of the image argument in /edit_book.php, yielding unrestricted remote upload. Exploitation status: public exploit is available; multiple sources confirm remote attack possible and unrestric...
CVE-2025-12237
The CVE-2025-12237 entry concerns projectworlds Advanced Library Management System 1.0. A vulnerability exists in the /index.php file where manipulating the keywords parameter enables SQL injection. The flaw is remotely exploitable, and public exploit code is available. Connected sources corrobor...
CVE-2025-13573
CVE-2025-13573 concerns a vulnerability in Projectworlds’ add_book.php where manipulating the image parameter enables unrestricted file uploads. The issue is in unknown code for /add_book.php and is exploitable remotely, with public exploits available. The provided documents do not specify affect...
CVE-2025-14212
CVE-2025-14212 affects projectworlds Advanced Library Management System 1.0. Affected functionality is at /member_search.php where manipulating the roll_number parameter can trigger a SQL injection. Exploitation is possible remotely, and an exploit has been published. The issue is corroborated ac...
CVE-2025-14570
CVE-2025-14570 affects projectworlds Advanced Library Management System 1.0. The vulnerability is in the file routes involving the parameter that controls the admin ID (notably /view_admin.php or /view admin.php in variants) where improper handling/manipulation of the admin_id parameter enables S...
CVE-2025-14210
CVE-2025-14210 affects projectworlds Advanced Library Management System 1.0. The vulnerability is in the /delete_member.php file where manipulation of the user_id parameter enables SQL injection. Attacks are remote and the exploit has been publicly disclosed. Impact is high/critical per CVSS vect...
CVE-2025-14571
The CVE-2025-14571 entry affects Projectworlds Advanced Library Management System 1.0, specifically the /borrow_book.php functionality. The vulnerability arises from manipulation of the roll_number argument, leading to SQL injection. It is exploitable remotely and an exploit has been disclosed pu...
CVE-2025-13255
CVE-2025-13255 affects Projectworlds Advanced Library Management System 1.0. The vulnerability is a SQL injection in the /book_search.php handler, triggered by manipulating the book_pub/book_title argument. The issue is exploitable remotely and an exploit has been released publicly. Affected comp...
CVE-2025-13254
CVE-2025-13254 affects projectworlds Advanced Library Management System 1.0. The vulnerability is in the unknown code path of /add_member.php where manipulation of the roll_number parameter enables SQL injection. Exploitation may be remote and public exploitation is indicated by the sources. The ...
CVE-2025-14211
CVE-2025-14211 affects the projectworlds Advanced Library Management System 1.0. The vulnerability is in an unknown functionality of the file /delete_book.php, where manipulating the argument book_id yields a SQL injection. The issue is remotely exploitable and, per connected sources, the exploit...