LiveActive security incident?Get immediate response
CVE Record

CVE-2020-25515: Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Boo...

Sourcecodester Simple Library Management System 1.0 is affected by Insecure Permissions via Books > New Book , http://<site>/lms/index.php?page=books.

UnknownCVSS not scoredNot KEV-listedUpdated
Glexia's TakeAutomated analysisunknown

Security readout for executives and security teams

Plain-English summary

This CVE reports weak permissions in Sourcecodester Simple Library Management System 1.0 around the Books > New Book function. The public record is sparse, so the exact business impact is not fully evidenced. Treat it as an access-control concern in any deployed library management instance.

Executive priority

Prioritize investigation where this LMS is internet-facing or manages trusted library records. The urgency is uncertain because severity and exploitation evidence are missing, but access-control flaws can undermine data integrity.

Technical view

The CVE description identifies insecure permissions at /lms/index.php?page=books, associated with creating a new book entry. No CVSS score, CWE, normalized CPE, patch, or vendor mitigation is provided in the supplied sources. The affected product/version is only stated in the title and description.

Likely exposure

Likely limited to organizations running Sourcecodester Simple Library Management System 1.0 or derived deployments exposing the LMS books management route. Exposure evidence is incomplete because the CVE metadata lists affected vendor and product as n/a.

Exploitation context

The source bundle does not show CISA KEV listing or active exploitation. A public GitHub reference exists, but the provided bundle does not establish real-world exploitation, exploit reliability, or affected deployment prevalence.

Researcher notes

The record is under-specified: no CVSS, CWE, CPE, patch details, or precise permission boundary are provided. Analysis should remain scoped to the books route and version named in the description unless additional vendor or researcher evidence is obtained.

Mitigation direction

  • Check Sourcecodester or project guidance for an official fix or replacement version.
  • Restrict book-management functions to authenticated, authorized administrative users.
  • Remove or isolate public-facing deployments of the affected LMS if no fix exists.
  • Apply compensating controls such as access control, network restrictions, and monitoring.
  • Review custom forks for the same permission checks around book creation.

Validation and detection

  • Inventory deployments for Sourcecodester Simple Library Management System 1.0 or forks.
  • Confirm whether /lms/index.php?page=books is reachable by unauthenticated or low-privilege users.
  • Review application authorization logic for Books > New Book actions.
  • Check web and application logs for unexpected book-management activity.
  • Document whether a vendor-supported update or local remediation is available.
Prepared
Confidence
medium
Sources
4

Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.

Potential ATT&CK relevance

Conservative CVE-to-ATT&CK context

These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.

ATT&CK lookup starting points

Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.

cve · low confidence lookup

CVE-2020-25515 mapping review

Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.

Open ATT&CK lookup
Vulnerability profileCVE Program record
Severity
Unknown
CVSS
Not scored
Known Exploited
No
Published
Official CVE source material

CNA and ADP enrichment extracted from CVE v5

These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.

0CVSS vectors
3Timeline events
1ADP providers
3Source links

Vulnerability timeline

Timeline events are normalized from CVE metadata, CNA source timelines, ADP timelines, and KEV metadata when present.

  1. CVE reservedCVE Program

    The CVE ID was reserved by the assigning CNA.

  2. CVE publishedCVE Program

    The CVE record was published.

  3. CVE updatedCVE Program

    The CVE record metadata indicates this as the latest update time.

ADP provider summaries

CVECVE Program Container

Source materials

Affected products

Products and packages named in the record

VendorProductVersion / packageStatus
n/an/an/aListed
Weakness

CWE details

No CWE listed

CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.