PT-2025-49503 · Projectworlds · Advanced Library Management System

Yudeshui · Published 2025-12-08 · Updated 2026-01-03 · CVE-2025-14212

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

projectworlds Advanced Library Management System version 1.0

Description

A flaw exists in projectworlds Advanced Library Management System that allows for SQL injection. This issue is related to an unknown functionality within the /member search.php file. Manipulation of the roll number argument can lead to a successful attack, which can be launched remotely. An exploit for this issue has been published.

Recommendations

Apply any available updates or patches to address the vulnerability in the affected file. As a temporary workaround, consider restricting or carefully validating the roll number argument in the /member search.php file to prevent SQL injection attacks.

Exploit

Fix

Special Elements Injection

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2025-14212

Affected Products

Advanced Library Management System