| Titel | itsourcecode Online Blood Bank Management System 1 Authentication Bypass via SQL Injection |
|---|
| Beschreibung | In Version 1.0 of the Online Blood Bank Management System application, a SQL injection vulnerability was found in two separate locations - the '/admin/index.php' file and the '/index.php file' of the 'Online Blood Bank Management System' project. The reason for this issue is that attackers inject malicious code from the parameter "user" and use it directly in SQL queries without the need for appropriate cleaning or validation. This allows attackers to forge input values, thereby manipulating SQL queries and performing unauthorized operations, allowing access to both the user console page as well as the admin user page.
No login or authorization is required to exploit this vulnerability. |
|---|
| Quelle | ⚠️ https://github.com/cl4irv0yance/CVEs/issues/3 |
|---|
| Benutzer | mdsmith49 (UID 72657) |
|---|
| Einreichung | 30.07.2024 23:30 (vor 2 Jahren) |
|---|
| Moderieren | 31.07.2024 07:29 (8 hours later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 273231 [itsourcecode Online Blood Bank Management System 1.0 Admin Login /admin/index.php Benutzer SQL Injection] |
|---|
| Punkte | 20 |
|---|