漏洞信息 CVE ID: CVE-2025-13572 Vulnerability Type: SQL Injection Severity: Critical Vulnerable Software: projectworlds Advanced Library Management System 1.0 Vulnerable File: /delete_admin.php Vulnerable Parameter: admin_id Details Issue: The manipulation of the parameter can lead to SQL injection due to the code being affected by an unknown vulnerability. CWE Classification: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) Impact: The vulnerability can be exploited remotely without authentication, impacting confidentiality, integrity, and availability. Exploitability: The vulnerability is classified as easy to exploit. Exploit: A proof-of-concept exploit is available on GitHub. Attack Technique: T1505 (Internal Vulnerability Scanning) Discovery Method: Vulnerable targets can be found using Google Hacking with the search term