CVE-2025-13254

Name of the Vulnerable Software and Affected Versions projectworlds Advanced Library Management System version 1.0

Description A flaw exists in projectworlds Advanced Library Management System that allows for SQL injection. This issue affects unknown code within the '/add member.php' file. Manipulation of the roll number argument can trigger the injection. The attack can be carried out remotely.

Recommendations Sanitize or validate the roll number parameter in the '/add member.php' file to prevent SQL injection. As a temporary workaround, restrict access to the '/add member.php' file until a proper fix is implemented.