projectworlds can pass malicious payloads add_book.php unrestricted upload_CVE-2025-13573

5.3 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

Description

A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released to the public and may be exploited.

Basic Information

ID CVE-2025-13573

Source VulDB

Published Nov 23, 2025 at 23:32

Affected Product

Vendor projectworlds

Product can pass malicious payloads

Version 1.0

Affected Versions projectworlds can pass malicious payloads 1.0

CWE Classification

CWE-434 CWE-284

References

{
    "lastseen": "",
    "description": "A security flaw has been discovered in projectworlds can pass malicious payloads up to 1.0. This vulnerability affects unknown code of the file /add_book.php. The manipulation of the argument image results in unrestricted upload. The attack can be executed remotely. The exploit has been released to the public and may be exploited.",
    "published": "2025-11-23T23:32:06.057Z",
    "modified": "2025-11-23T23:32:06.057Z",
    "type": "cve",
    "title": "projectworlds can pass malicious payloads add_book.php unrestricted upload",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.333337\nhttps://vuldb.com/?ctiid.333337\nhttps://vuldb.com/?submit.698646\nhttps://github.com/GYSakura/tmp75/blob/main/report.md",
    "id": "CVE-2025-13573",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434",
        "CWE-284"
    ],
    "cvelist": null,
    "sourceData": "projectworlds can pass malicious payloads 1.0",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "can pass malicious payloads",
    "version": "1.0",
    "vendor": "projectworlds",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}