anonhaven
Ad

CVE-2025-13572

HIGH CVSS 3.1: 7.3 EPSS 0.02%
Updated Dec 02, 2025
Projectworlds
Parameter Value
CVSS 7.3 (HIGH)
Type CWE-89 (SQL Injection), CWE-74 (Injection)
Vendor Projectworlds
Public PoC No

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This affects an unknown part of the file /delete_admin.php. The manipulation of the argument admin_id leads to sql injection.

Remote exploitation of the attack is possible. The exploit is publicly available and might be used.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
Low
Partial data leak
Integrity
Low
Partial data modification
Availability
Low
Partial disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-89 SQL Injection
CWE-74 Injection

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Projectworlds Advanced_Library_Management_System
cpe:2.3:a:projectworlds:advanced_library_management_system:1.0:*:*:*:*:*:*:*

References 4

https://github.com/GYSakura/tmp/blob/main/report.md
cna@vuldb.com
https://vuldb.com/?ctiid.333336
cna@vuldb.com
https://vuldb.com/?id.333336
cna@vuldb.com
https://vuldb.com/?submit.698645
cna@vuldb.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-5368

PHP

6.9

CVE-2026-4596

Projectworlds

5.1

CVE-2026-4540

PHP

6.9

CVE-2026-0643

Projectworlds

6.9

CVE-2026-0642

Projectworlds

4.8