Overview
CVE-2025-13581 is a medium severity SQL injection vulnerability identified in the itsourcecode Student Information System version 1.0. This flaw allows a remote attacker to execute arbitrary SQL commands by manipulating the schedule_id parameter in the /schedule_edit1.php file. The vulnerability is publicly known and actively exploitable, posing a significant risk to systems running the affected version.

Technical Details
The vulnerability exists due to insufficient sanitization of user-supplied input within the /schedule_edit1.php file. Specifically, the schedule_id parameter, intended to identify a specific schedule record, is directly incorporated into an SQL query without proper escaping or validation. An attacker can inject malicious…
-
Overview
CVE-2025-13580 is a medium severity SQL injection vulnerability found in Code-Projects Library System version 1.0. This flaw allows a remote attacker to execute arbitrary SQL commands by manipulating the ID argument in the /mail.php file. The vulnerability has been publicly disclosed and is actively exploitable.

Technical Details
The vulnerability stems from insufficient input sanitization within the /mail.php script. Specifically, the application fails to properly escape or validate the ID parameter before using it in a SQL query. An attacker can inject malicious SQL code into this parameter, potentially gaining unauthorized access to the database, modifying data, or even compromising…
-
Overview
CVE-2025-13579 describes a medium-severity SQL injection vulnerability discovered in Code-Projects Library System version 1.0. This vulnerability allows a remote attacker to execute arbitrary SQL commands by manipulating the ID argument in the /return.php file. The exploit is publicly available, making immediate action crucial for affected systems.

Technical Details
The vulnerability resides in the /return.php file of the Code-Projects Library System 1.0. The application fails to properly sanitize the ID parameter before using it in a SQL query. An attacker can inject malicious SQL code into this parameter, potentially allowing them to: Read sensitive data from the database, including user…
-
Overview
A significant security vulnerability, identified as CVE-2025-13578, has been discovered in Code-Projects Library System version 1.0. This flaw is a SQL injection vulnerability located within the login functionality, specifically affecting the processing of the "Username" argument in the /index.php file. The vulnerability allows remote attackers to potentially execute arbitrary SQL commands, posing a severe threat to the system's integrity and data security.

Technical Details
The vulnerability resides in the handling of the "Username" parameter during the login process. Due to insufficient input sanitization, an attacker can inject malicious SQL code into this parameter. This injected code is then executed…
-
Overview
CVE-2025-13577 describes a Cross-Site Scripting (XSS) vulnerability found in PHPGurukul Hostel Management System version 2.1. This low-severity flaw allows a remote attacker to inject arbitrary web scripts into the application, potentially leading to data theft, session hijacking, or defacement.

Technical Details
The vulnerability exists within the /register-complaint.php file. Specifically, the cdetails argument is susceptible to manipulation. An attacker can inject malicious JavaScript code into this argument, which will then be executed in the context of other users' browsers when they view the complaint details. This is a persistent XSS vulnerability, as the injected script is stored within the system.…
-
Overview
CVE-2025-13576 is a medium severity vulnerability found in Code-Projects Blog Site version 1.0. This vulnerability allows for improper authorization due to manipulation of an unknown function within the /admin.php file. The exploit is publicly available, making exploitation easier and faster. This vulnerability can be exploited remotely, without requiring local access to the system.

Technical Details
The vulnerability resides in the /admin.php file of Code-Projects Blog Site 1.0. An attacker can manipulate input to an unspecified function, bypassing intended authorization mechanisms. The exact nature of the function and the specific manipulation required are detailed in the public exploit available. Multiple…
-
Overview
CVE-2025-13575 is a medium-severity SQL injection vulnerability discovered in code-projects Blog Site version 1.0. The vulnerability resides within the Category Handler, specifically the category_exists function in the /resources/functions/blog.php file. Successful exploitation of this vulnerability allows remote attackers to inject malicious SQL code by manipulating the name/field argument.

Technical Details
The vulnerability stems from insufficient sanitization of user-supplied input within the category_exists function. An attacker can inject SQL commands through the name/field argument of the function, potentially allowing them to read, modify, or delete data in the database. This vulnerability can be exploited remotely without authentication, making it a significant…
-
Overview
CVE-2025-13574 describes a medium severity vulnerability discovered in code-projects Online Bidding System version 1.0. This vulnerability allows for unrestricted file uploads due to improper input validation in the categoryadd function of the /administrator/addcategory.php file. An attacker can leverage this flaw to upload arbitrary files, potentially leading to remote code execution, data breaches, or defacement of the affected system. The exploit is publicly available, making it crucial to apply mitigations immediately.

Technical Details
The vulnerability resides within the categoryadd function responsible for adding new categories within the administrative panel. The catimage argument, intended to handle the category image, lacks adequate…
-
Overview
CVE-2025-13573 is a medium-severity security vulnerability affecting Projectworlds' software, specifically versions up to 1.0. The vulnerability resides within the /add_book.php file and allows for unrestricted file uploads through manipulation of the image argument. This flaw enables remote attackers to upload arbitrary files, potentially leading to code execution, server compromise, or data breaches. The exploit has been publicly released, increasing the risk of exploitation.

Technical Details
The vulnerability stems from insufficient validation of the image argument in the /add_book.php script. Lack of proper file type checking, size limitations, or content sanitization allows an attacker to bypass intended security measures. An…
-
Overview
CVE-2025-13572 is a high-severity SQL injection vulnerability affecting projectworlds Advanced Library Management System version 1.0. This vulnerability allows a remote attacker to execute arbitrary SQL commands by manipulating the admin_id parameter in the /delete_admin.php file. The vulnerability has a CVSS score of 7.3, indicating a significant risk. A public exploit is available, increasing the likelihood of exploitation.

Technical Details
The vulnerability resides in the /delete_admin.php file of the Advanced Library Management System. The application fails to properly sanitize user-supplied input provided through the admin_id parameter. This lack of input validation allows an attacker to inject malicious SQL code, potentially…