Chenguang

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A flaw exists in projectworlds Advanced Library Management System version 1.0, specifically within the file `/edit admin.php`. Manipulation of the `firstname` argument can lead to cross-site scripting. This issue is potentially exploitable remotely. The exploit is publicly available. Other parameters may also be affected. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A security flaw exists in projectworlds Advanced Library Management System 1.0. The issue involves an unrestricted upload capability due to the manipulation of the `image` argument within the /edit book.php file. This allows for remote attacks. The exploit for this issue has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A flaw exists in projectworlds Advanced Library Management System that allows for remote code execution. The issue is related to the manipulation of the `user id` argument within the /view member.php file, which can lead to SQL injection. The exploit for this issue has been publicly disclosed. **Recommendations** As a temporary workaround, consider restricting access to the /view member.php file until a fix is available. Avoid using the parameter `user id` in the /view member.php endpoint until the issue is resolved.