PT-2025-47094 · Projectworlds · Advanced Library Management System

Wangruo · Published 2025-11-16 · Updated 2025-11-17 · CVE-2025-13253

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: projectworlds Advanced Library Management System version 1.0

Description: A flaw exists in projectworlds Advanced Library Management System version 1.0 that allows for SQL injection. This issue is located in the /add librarian.php file, where manipulation of the Username argument can lead to exploitation. The attack can be carried out remotely, and details about the exploit have been publicly disclosed.

Recommendations: Apply any available updates or patches for projectworlds Advanced Library Management System version 1.0. As a temporary workaround, sanitize the Username input in the /add librarian.php file to prevent SQL injection.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-13253

Affected Products

Advanced Library Management System