CVE-2020-25514

HIGH

Simple Library Management System 1.0 - Incorrect Access Control via Login Panel

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-25514. PoCs published by Ko-kn3t.

AI-analyzed exploit summary: This PoC demonstrates an authentication bypass vulnerability in Simple Library Management System 1.0 via SQL injection. The exploit uses a classic SQLi payload to bypass the login panel by manipulating the username and password fields.

Description

Sourcecodester Simple Library Management System 1.0 is affected by Incorrect Access Control via the Login Panel, http://<site>/lms/admin.php.

Exploits (1)

nomisec WORKING POC
by Ko-kn3t · poc
https://github.com/Ko-kn3t/CVE-2020-25514

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Simple Library Management System 1.0
No auth needed
Prerequisites: Access to the login panel at /lms/admin.php
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Not Applicable, x_refsource_misc: http://simple.com
Third Party Advisory, x_refsource_misc: https://www.sourcecodester.com
Product, Third Party Advisory, x_refsource_misc: https://github.com/Ko-kn3t/CVE-2020-25514

Scores

CVSS v3: 8.4
EPSS: 0.0063
EPSS Percentile: 45.4%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-89
Status: published
Products (1): simple_library_management_system_project/simple_library_management_system 1.0
Published: Sep 22, 2020
Tracked Since: Feb 18, 2026