PT-2025-47143 · Projectworlds · Advanced Library Management System

Choco094Late · Published 2025-11-17 · Updated 2025-11-17 · CVE-2025-13278

CVSS v3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
projectworlds Advanced Library Management System version 1.0

Description
A SQL injection issue exists in projectworlds Advanced Library Management System version 1.0. The issue is located in the /borrowed book search.php file, within an unknown function. Manipulation of the datefrom and dateto arguments can lead to SQL injection. The attack can be initiated remotely, and details of the exploit have been publicly disclosed.

Recommendations
Apply a fix for projectworlds Advanced Library Management System version 1.0 to address the SQL injection issue in the /borrowed book search.php file. As a temporary workaround, restrict access to the /borrowed book search.php file to minimize the risk of exploitation.
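
One shape such a fix can take, as an added example that is not the project's code: strict validation of datefrom and dateto followed by a parameterized query. The borrowed_books table, its columns, the function names and the use of PDO with SQLite are assumptions made for illustration; the vulnerable source is not shown in this advisory.

```php
<?php
// Added example, not the project's code. The borrowed_books table, its columns
// and the use of PDO are assumptions; only datefrom/dateto come from the advisory.

// Accept a value only if it is exactly a real calendar date in YYYY-MM-DD form.
function parse_date_param(?string $value): ?string
{
    if ($value === null) {
        return null;
    }
    $date = DateTimeImmutable::createFromFormat('!Y-m-d', $value);
    // The round trip rejects overflowed dates (2025-02-30) and unpadded forms.
    if ($date === false || $date->format('Y-m-d') !== $value) {
        return null;
    }
    return $value;
}

// Both dates reach the database only as bound parameters, never as SQL text.
function search_borrowed(PDO $db, ?string $datefrom, ?string $dateto): array
{
    $from = parse_date_param($datefrom);
    $to = parse_date_param($dateto);
    if ($from === null || $to === null || $from > $to) {
        throw new InvalidArgumentException('datefrom and dateto must be ordered YYYY-MM-DD dates');
    }
    $stmt = $db->prepare(
        'SELECT title, borrower, borrowed_on FROM borrowed_books
          WHERE borrowed_on BETWEEN :datefrom AND :dateto ORDER BY borrowed_on'
    );
    $stmt->execute([':datefrom' => $from, ':dateto' => $to]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database, so this runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE borrowed_books (title TEXT, borrower TEXT, borrowed_on TEXT)');
$db->exec("INSERT INTO borrowed_books VALUES
    ('Book A', 'reader1', '2025-01-10'), ('Book B', 'reader2', '2025-03-02')");

foreach ([['2025-01-01', '2025-01-31'], ['2025-01-01', '31/01/2025']] as [$from, $to]) {
    try {
        printf("%s..%s: %d row(s)\n", $from, $to, count(search_borrowed($db, $from, $to)));
    } catch (InvalidArgumentException $e) {
        printf("%s..%s: rejected (%s)\n", $from, $to, $e->getMessage());
    }
}
```

The bound parameters are what remove the injection; the format check is defense in depth and gives callers a clean error instead of a database failure.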

Exploit

Fix

SQL injection

Special Elements Injection

Weakness Enumeration

Related Identifiers: CVE-2025-13278

Affected Products: Advanced Library Management System