Wangruo

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A flaw exists in projectworlds Advanced Library Management System that allows for SQL injection. This issue affects unknown code within the '/add member.php' file. Manipulation of the `roll number` argument can trigger the injection. The attack can be carried out remotely. **Recommendations** Sanitize or validate the `roll number` parameter in the '/add member.php' file to prevent SQL injection. As a temporary workaround, restrict access to the '/add member.php' file until a proper fix is implemented.

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A security flaw exists in projectworlds Advanced Library Management System version 1.0. The issue involves the processing of the `/book search.php` file. Manipulation of the `book pub`/`book title` argument can lead to SQL injection. This allows for remote exploitation. The exploit is publicly available. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A weakness exists in projectworlds Advanced Library Management System. The issue involves the potential for SQL injection through manipulation of the `roll number` argument within an unknown function of the `/borrow.php` file. This allows for remote exploitation, and an exploit has been publicly released. The API endpoint involved is `/borrow.php`. **Recommendations** Versions prior to 1.0 should be used. As a temporary workaround, consider restricting access to the `/borrow.php` file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** projectworlds Advanced Library Management System version 1.0 **Description** A flaw exists in projectworlds Advanced Library Management System version 1.0 that allows for SQL injection. This issue is located in the `/add librarian.php` file, where manipulation of the `Username` argument can lead to exploitation. The attack can be carried out remotely, and details about the exploit have been publicly disclosed. **Recommendations** Apply any available updates or patches for projectworlds Advanced Library Management System version 1.0. As a temporary workaround, sanitize the `Username` input in the `/add librarian.php` file to prevent SQL injection.