GYSakura

2 exploits Active since Nov 2025
CVE-2025-13572 WRITEUP HIGH WRITEUP
projectworlds Advanced Library Management System 1.0 - SQL Injection via admin_id Parameter in delete_admin.php
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipulation of the argument admin_id leads to sql injection. Remote exploitation of the attack is possible. The exploit is publicly available and might be used.
CVSS 7.3
CVE-2025-13573 WRITEUP MEDIUM WRITEUP
projectworlds advanced_library_management_system 1.0 - Unrestricted File Upload via /add_book.php Image Parameter
A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
CVSS 6.3