CVE-2025-11426— projectworlds Advanced Library Management System edit_book.php unrestricted upload
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2025-11426
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
projectworlds Advanced Library Management System edit_book.php unrestricted upload
Source: NVD (National Vulnerability Database)
Vulnerability Description
A security flaw has been discovered in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit_book.php. The manipulation of the argument image results in unrestricted upload. It is possible to launch the attack remotely. The exploit has been released to the public and may be used for attacks.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
危险类型文件的不加限制上传
Source: NVD (National Vulnerability Database)
Vulnerability Title
Library Management System 代码问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Library Management System是King Albaracin个人开发者的一个带有二维码考勤和自动生成借书证的图书馆管理系统。 Library Management System 1.0版本存在代码问题漏洞,该漏洞源于对文件edit_book.php中参数image的错误操作,可能导致任意文件上传。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| projectworlds | Advanced Library Management System | 1.0 | cpe:2.3:a:projectworlds:advanced_library_management_system:*:*:*:*:*:*:*:* |
II. Public POCs for CVE-2025-11426
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2025-11426
请登录查看更多情报信息。
Vendor Advisories for CVE-2025-11426 (3)
- CVE-2025-11426 projectworlds Advanced Library Management System edit_book.php unrestricted uploadvdb-entrytechnical-description
Same Patch Batch · projectworlds · 2025-10-08 · 3 CVEs total
| CVE-2025-11475 | 7.3 HIGH | projectworlds Advanced Library Management System view_member.php sql injection |
| CVE-2025-11425 | 2.4 LOW | projectworlds Advanced Library Management System edit_admin.php cross site scripting |
IV. Related Vulnerabilities
Same product: Advanced Library Management System
- CVE-2025-14571
projectworlds Advanced Library Management System borrow_book - CVE-2025-14570
projectworlds Advanced Library Management System view_admin. - CVE-2025-14527
projectworlds Advanced Library Management System view_book.p - CVE-2025-14212
projectworlds Advanced Library Management System member_sear - CVE-2025-14211
projectworlds Advanced Library Management System delete_book
Same vendor: projectworlds
- CVE-2026-9364
projectworlds Online Art Gallery Shop adminHome.php sql inje - CVE-2026-8785
projectworlds hospital-management-system-in-php GET Paramete - CVE-2026-5645
projectworlds Car Rental System Parameter pay.php sql inject - CVE-2026-5637
projectworlds Car Rental System Parameter message_admin.php - CVE-2026-5634
projectworlds Car Rental Project Parameter book_car.php sql
Same weakness: CWE-434
- CVE-2026-10172
Bdtask Multi-Store Inventory Management System Component Mod - CVE-2018-25409
SIM-PKH 2.4.1 Arbitrary File Upload via aksi_pengurus.php - CVE-2018-25388
HaPe PKH 1.1 Arbitrary File Upload via aksi_foto.php - CVE-2026-10072
Interinfo|DreamMaker - Arbitrary File Upload - CVE-2026-10071
Interinfo|DreamMaker - Arbitrary File Upload
V. Comments for CVE-2025-11426
No comments yet