Search
Find a vulnerability
Search criteria
2 vulnerabilities found for Library Management System by Fabian Ros
CVE-2025-7210 (GCVE-0-2025-7210)
Vulnerability from nvd – Published: 2025-07-09 01:32 – Updated: 2025-07-09 17:02
VLAI
EPSS
VEX
Title
code-projects/Fabian Ros Library Management System profile_update.php unrestricted upload
Summary
A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.315158 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.315158 | signaturepermissions-required |
| https://vuldb.com/?submit.607801 | third-party-advisory |
| https://github.com/horytick/CVE/blob/main/Library… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Library Management System |
Affected:
2.0
|
|
| Fabian Ros | Library Management System |
Affected:
2.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7210",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T17:02:05.371476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T17:02:34.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Library Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "Library Management System",
"vendor": "Fabian Ros",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "moss_mo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in code-projects/Fabian Ros Library Management System 2.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei admin/profile_update.php. Durch Manipulieren des Arguments photo mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T01:32:05.879Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-315158 | code-projects/Fabian Ros Library Management System profile_update.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.315158"
},
{
"name": "VDB-315158 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.315158"
},
{
"name": "Submit #607801 | Fabian Ros Library Management System In PHP With Source Code 2.0 File Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.607801"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/horytick/CVE/blob/main/Library%20Management%20System%20In%20PHP%20Arbitrary%20file%20upload.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-07T15:04:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/Fabian Ros Library Management System profile_update.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7210",
"datePublished": "2025-07-09T01:32:05.879Z",
"dateReserved": "2025-07-07T12:59:30.784Z",
"dateUpdated": "2025-07-09T17:02:34.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7210 (GCVE-0-2025-7210)
Vulnerability from cvelistv5 – Published: 2025-07-09 01:32 – Updated: 2025-07-09 17:02
VLAI
EPSS
VEX
Title
code-projects/Fabian Ros Library Management System profile_update.php unrestricted upload
Summary
A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.315158 | vdb-entrytechnical-description |
| https://vuldb.com/?ctiid.315158 | signaturepermissions-required |
| https://vuldb.com/?submit.607801 | third-party-advisory |
| https://github.com/horytick/CVE/blob/main/Library… | exploit |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| code-projects | Library Management System |
Affected:
2.0
|
|
| Fabian Ros | Library Management System |
Affected:
2.0
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7210",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-09T17:02:05.371476Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T17:02:34.659Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Library Management System",
"vendor": "code-projects",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
},
{
"product": "Library Management System",
"vendor": "Fabian Ros",
"versions": [
{
"status": "affected",
"version": "2.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "moss_mo (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability was found in code-projects/Fabian Ros Library Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file admin/profile_update.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in code-projects/Fabian Ros Library Management System 2.0 gefunden. Sie wurde als kritisch eingestuft. Betroffen davon ist ein unbekannter Prozess der Datei admin/profile_update.php. Durch Manipulieren des Arguments photo mit unbekannten Daten kann eine unrestricted upload-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 6.5,
"vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-434",
"description": "Unrestricted Upload",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "Improper Access Controls",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-07-09T01:32:05.879Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-315158 | code-projects/Fabian Ros Library Management System profile_update.php unrestricted upload",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.315158"
},
{
"name": "VDB-315158 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.315158"
},
{
"name": "Submit #607801 | Fabian Ros Library Management System In PHP With Source Code 2.0 File Upload",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.607801"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/horytick/CVE/blob/main/Library%20Management%20System%20In%20PHP%20Arbitrary%20file%20upload.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-07-07T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-07-07T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-07-07T15:04:40.000Z",
"value": "VulDB entry last update"
}
],
"title": "code-projects/Fabian Ros Library Management System profile_update.php unrestricted upload"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-7210",
"datePublished": "2025-07-09T01:32:05.879Z",
"dateReserved": "2025-07-07T12:59:30.784Z",
"dateUpdated": "2025-07-09T17:02:34.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}