Title | code-projects Blood Bank Management System 1.0 SQL Injection |
---|
Description | A SQL Injection vulnerability has been identified in the BloodBank Management System version 1.0. This vulnerability occurs in the search functionality when users query blood type availability. The search parameter is not properly sanitized, allowing attackers to inject malicious SQL queries.
This vulnerability allows an attacker to manipulate SQL queries and execute arbitrary database commands, potentially leading to:
- Unauthorized access to sensitive data (e.g., donor or recipient information).
- Database corruption or deletion.
- Denial of Service (DoS) attacks by causing the database to execute time-consuming operations.

Since the injected payload persists through the search feature, this high-risk vulnerability could be exploited by remote attackers, leading to a significant breach of confidentiality and availability. |
---|
Source | https://gist.github.com/higordiego/46090516ba1b13fe3d2607ab4c0114f1 |
---|
User | c4ttr4ck (UID 75518) |
---|
Submission | 10/25/2024 03:14 PM (4 months ago) |
---|
Moderation | 10/26/2024 09:14 AM (18 hours later) |
---|
Status | Accepted |
---|
VulDB Entry | 281938 [code-projects Blood Bank Management up to 1.0 /abs.php search sql injection] |
---|
Points | 20 |
---|