Advanced Library Management System
A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /borrow_book.php. Manipulation of the argument roll_number leads to SQL injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
A flaw has been found in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view_admin.php. Manipulation of the argument admin_id causes SQL injection. The attack may be initiated remotely. The exploit has been published and may be used.
A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view_book.php. Manipulating the argument book_id can lead to SQL injection. The attack can be executed remotely. The exploit has been made available to the public and could be used for attacks.
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /index.php. Manipulation of the argument keywords leads to SQL injection. The attack can be executed remotely. The exploit is publicly available and might be used.
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /view_member.php. Manipulating the argument user_id can lead to SQL injection. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.
Unrestricted file upload in projectworlds Advanced Library Management System 1.0 allows authenticated remote attackers to upload arbitrary files via the image parameter in /edit_book.php, resulting in low-impact confidentiality, integrity, and availability violations. Public exploit code is available, though EPSS exploitation probability remains very low at 0.05%, suggesting limited real-world attack incentive despite authentication requirement bypass potential.
Stored cross-site scripting in projectworlds Advanced Library Management System 1.0 allows authenticated users with high privileges to inject malicious scripts via the firstname parameter in /edit_admin.php, affecting other users who view admin profiles. Exploitation requires high-privilege authentication and user interaction (UI:P), limiting real-world impact despite network accessibility. Public exploit code exists and EPSS exploitation probability is minimal at 0.03%, suggesting this remains a low-priority vulnerability despite CVE assignment.