Gysakura

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A flaw exists in projectworlds Advanced Library Management System version 1.0, specifically within the /delete admin.php file. Manipulation of the `admin id` argument can lead to a SQL injection. Remote exploitation is possible. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds version 1.0 **Description** A security flaw exists in projectworlds that allows for the passing of malicious payloads up to version 1.0. The issue affects unknown code within the '/add book.php' file. Manipulation of the `image` argument results in unrestricted upload capabilities, and the attack can be executed remotely. The exploit has been publicly released. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.