Key Vulnerability Information Vulnerability ID: CVE-2025-13278, VDB-332613, GCVE-100-332613 Product: Projectworlds Advanced Library Management System 1.0 Affected File: /borrowed_book_search.php Affected Argument: datefrom/dateto Vulnerability Type: SQL Injection CVE Classification: Critical CWE Classification: CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')) Exploitation: The vulnerability is categorized as easy to exploit and can be initiated remotely. Exploit Availability: A public exploit is available and can be downloaded from GitHub. It is被认为是proof-of-concept. Impact: The vulnerability impacts confidentiality, integrity, and availability. Search for Vulnerable Targets: Vulnerable targets can be found by performing a Google search with the query . Countermeasure: No specific countermeasures are mentioned. It is suggested to replace the affected object with an alternative product.