Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Primary rating from Vendor (WPScan) · only source for this CVE.
CVSS VectorVendor: WPScan
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
2DescriptionCVE.org
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes.
Articles & Coverage 1
Analysis
The Library Management System WordPress plugin before 3.5.8 does not sanitize and escape a user-supplied parameter before using it in a SQL statement, allowing unauthenticated attackers to perform SQL injection and extract arbitrary data from the database, including user password hashes.
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Library Management System
View allA vulnerability, which was classified as critical, was found in code-projects Library Management System 2.0. Rated criti
In Library Management System 1.0 the /card/in-card.php file id_no parameters are vulnerable to SQL injection. Rated crit
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /admi
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /admi
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the M_Id parameter at /admin/
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /libraria
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the RollNo parameter at /libr
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the bookId parameter at /libr
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /sta
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the Section parameter at /lib
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/st
Library Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /staff/bo
Share
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43293
GHSA-qvmr-hx75-cf7j