PT-2025-47143 · Projectworlds · Advanced Library Management System

Choco094Late · Published 2025-11-17 · Updated 2025-11-17 · CVE-2025-13278

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

projectworlds Advanced Library Management System version 1.0

Description

A SQL injection issue exists in projectworlds Advanced Library Management System version 1.0. The issue is located in the /borrowed book search.php file, within an unknown function. Manipulation of the datefrom and dateto arguments can lead to SQL injection. The attack can be initiated remotely, and details of the exploit have been publicly disclosed.

Recommendations

Apply a fix for projectworlds Advanced Library Management System version 1.0 to address the SQL injection issue in the /borrowed book search.php file. As a temporary workaround, restrict access to the /borrowed book search.php file to minimize the risk of exploitation.

Exploit

Fix

Special Elements Injection

SQL injection

Weakness Enumeration

Related Identifiers: CVE-2025-13278

Affected Products: Advanced Library Management System