CH0ico/CVE_choco_1
GitHub
Releases0
During the security review of "Advanced Library Management System", discovered a critical SQL injection vulnerability in the "borrowed_book_search.php" file.
CVE History
| CVE | Published | CVSS v3 | CVSS v2 |
|---|---|---|---|
| 6.3 MEDIUM | 6.5 MEDIUM | ||
A vulnerability has been found in projectworlds Advanced Library Management System 1.0. Impacted is an unknown function of the file /borrowed_book_search.php. Such manipulation of the argument datefrom/dateto leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||