GYSakura

2 exploits Active since Nov 2025
CVE-2025-13572 WRITEUP HIGH WRITEUP
Projectworlds Advanced Library Management System - Injection
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipulation of the argument admin_id leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVSS 7.3
CVE-2025-13573 WRITEUP MEDIUM WRITEUP
Projectworlds Advanced Library Manage... - Improper Access Control
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
CVSS 6.3