Overview CVE-2025-13579 describes a medium-severity SQL injection vulnerability discovered in Code-Projects Library System version 1.0. This vulnerability allows a remote attacker to execute arbitrary SQL commands by manipulating the ID argument in the /return.php file. The exploit is publicly available, making immediate action crucial for affected systems. Technical Details The vulnerability resides in the /return.php file of the Code-Projects Library System 1.0. The application fails to properly sanitize the ID parameter before using it in a SQL query. An attacker can inject malicious SQL code into this parameter, potentially allowing them to: Read sensitive data from the database, including user…
-
-
Overview A significant security vulnerability, identified as CVE-2025-13578, has been discovered in Code-Projects Library System version 1.0. This flaw is a SQL injection vulnerability located within the login functionality, specifically affecting the processing of the “Username” argument in the /index.php file. The vulnerability allows remote attackers to potentially execute arbitrary SQL commands, posing a severe threat to the system’s integrity and data security. Technical Details The vulnerability resides in the handling of the “Username” parameter during the login process. Due to insufficient input sanitization, an attacker can inject malicious SQL code into this parameter. This injected code is then executed…
-
Overview CVE-2025-13577 describes a Cross-Site Scripting (XSS) vulnerability found in PHPGurukul Hostel Management System version 2.1. This low-severity flaw allows a remote attacker to inject arbitrary web scripts into the application, potentially leading to data theft, session hijacking, or defacement. Technical Details The vulnerability exists within the /register-complaint.php file. Specifically, the cdetails argument is susceptible to manipulation. An attacker can inject malicious JavaScript code into this argument, which will then be executed in the context of other users’ browsers when they view the complaint details. This is a persistent XSS vulnerability, as the injected script is stored within the system.…
-
Overview CVE-2025-13576 is a medium severity vulnerability found in Code-Projects Blog Site version 1.0. This vulnerability allows for improper authorization due to manipulation of an unknown function within the /admin.php file. The exploit is publicly available, making exploitation easier and faster. This vulnerability can be exploited remotely, without requiring local access to the system. Technical Details The vulnerability resides in the /admin.php file of Code-Projects Blog Site 1.0. An attacker can manipulate input to an unspecified function, bypassing intended authorization mechanisms. The exact nature of the function and the specific manipulation required are detailed in the public exploit available. Multiple…
-
Overview CVE-2025-13575 is a medium-severity SQL injection vulnerability discovered in code-projects Blog Site version 1.0. The vulnerability resides within the Category Handler, specifically the category_exists function in the /resources/functions/blog.php file. Successful exploitation of this vulnerability allows remote attackers to inject malicious SQL code by manipulating the name/field argument. Technical Details The vulnerability stems from insufficient sanitization of user-supplied input within the category_exists function. An attacker can inject SQL commands through the name/field argument of the function, potentially allowing them to read, modify, or delete data in the database. This vulnerability can be exploited remotely without authentication, making it a significant…
-
Overview CVE-2025-13574 describes a medium severity vulnerability discovered in code-projects Online Bidding System version 1.0. This vulnerability allows for unrestricted file uploads due to improper input validation in the categoryadd function of the /administrator/addcategory.php file. An attacker can leverage this flaw to upload arbitrary files, potentially leading to remote code execution, data breaches, or defacement of the affected system. The exploit is publicly available, making it crucial to apply mitigations immediately. Technical Details The vulnerability resides within the categoryadd function responsible for adding new categories within the administrative panel. The catimage argument, intended to handle the category image, lacks adequate…
-
Overview CVE-2025-13573 is a medium-severity security vulnerability affecting Projectworlds’ software, specifically versions up to 1.0. The vulnerability resides within the /add_book.php file and allows for unrestricted file uploads through manipulation of the image argument. This flaw enables remote attackers to upload arbitrary files, potentially leading to code execution, server compromise, or data breaches. The exploit has been publicly released, increasing the risk of exploitation. Technical Details The vulnerability stems from insufficient validation of the image argument in the /add_book.php script. Lack of proper file type checking, size limitations, or content sanitization allows an attacker to bypass intended security measures. An…
-
Overview CVE-2025-13572 is a high-severity SQL injection vulnerability affecting projectworlds Advanced Library Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary SQL commands by manipulating the admin_id parameter in the /delete_admin.php file. The vulnerability has a CVSS score of 7.3, indicating a significant risk. A public exploit is available, increasing the likelihood of exploitation. Technical Details The vulnerability resides in the /delete_admin.php file of the Advanced Library Management System. The application fails to properly sanitize user-supplied input provided through the admin_id parameter. This lack of input validation allows an attacker to inject malicious SQL code, potentially…
-
Overview A Server-Side Request Forgery (SSRF) vulnerability, identified as CVE-2025-12800, has been discovered in the WP Shortcodes Plugin (Shortcodes Ultimate) for WordPress. This flaw affects all versions up to and including 7.4.5. Authenticated attackers with Administrator-level access (and potentially Contributor+ access under specific configurations) can exploit this vulnerability to make arbitrary web requests originating from the WordPress server. This could lead to the exposure of sensitive internal information and modification of internal services. Technical Details The vulnerability resides within the su_shortcode_csv_table function. This function allows users to import CSV data, and the vulnerable code allows the attacker to specify the…
-
Overview CVE-2025-13571 details a medium severity SQL injection vulnerability found in the Simple Food Ordering System version 1.0. The vulnerability exists in the /listorder.php file and can be exploited remotely by manipulating the ID argument. This could allow attackers to execute arbitrary SQL commands, potentially leading to data breaches or unauthorized access. Technical Details The vulnerability lies within the /listorder.php file, specifically how the application handles user-supplied input for the ID parameter. Insufficient sanitization or escaping of this parameter allows an attacker to inject malicious SQL code. When the application executes the constructed SQL query, the injected code is executed…