| عنوان | itsourcecode Online Blood Bank Management System 1 Authentication Bypass via SQL Injection |
|---|
| الوصف | In Version 1.0 of the Online Blood Bank Management System application, a SQL injection vulnerability was found in two separate locations - the '/admin/index.php' file and the '/index.php file' of the 'Online Blood Bank Management System' project. The reason for this issue is that attackers inject malicious code from the parameter "user" and use it directly in SQL queries without the need for appropriate cleaning or validation. This allows attackers to forge input values, thereby manipulating SQL queries and performing unauthorized operations, allowing access to both the user console page as well as the admin user page.
No login or authorization is required to exploit this vulnerability. |
|---|
| المصدر | ⚠️ https://github.com/cl4irv0yance/CVEs/issues/3 |
|---|
| المستخدم | mdsmith49 (UID 72657) |
|---|
| ارسال | 30/07/2024 11:30 PM (2 سنوات منذ) |
|---|
| الاعتدال | 31/07/2024 07:29 AM (8 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 273231 [itsourcecode Online Blood Bank Management System 1.0 Admin Login /admin/index.php المستخدم حقن SQL] |
|---|
| النقاط | 20 |
|---|