Submit #431491: code-projects Blood Bank Management System 1.0 SQL Injection

Title: code-projects Blood Bank Management System 1.0 SQL Injection

Description: A SQL Injection vulnerability has been identified in the Blood Bank Management System version 1.0. This vulnerability occurs in the search functionality when users query blood type availability. The search parameter is not properly sanitized, allowing attackers to inject malicious SQL queries. This vulnerability allows an attacker to manipulate SQL queries and execute arbitrary database commands, potentially leading to:

- Unauthorized access to sensitive data (e.g., donor or recipient information).
- Database corruption or deletion.
- Denial of Service (DoS) attacks by causing the database to execute time-consuming operations.

Since the injected payload persists through the search feature, this high-risk vulnerability could be exploited by remote attackers, leading to a significant breach of confidentiality and availability.

Source: https://gist.github.com/higordiego/46090516ba1b13fe3d2607ab4c0114f1
User: c4ttr4ck (UID 75518)
Submission: 10/25/2024 03:14 PM (4 months ago)
Moderation: 10/26/2024 09:14 AM (18 hours later)
Status: Accepted
VulDB Entry: 281938 [code-projects Blood Bank Management up to 1.0 /abs.php search sql injection]
Points: 20
