| Título | itsourcecode Online Blood Bank Management System 1 Authentication Bypass via SQL Injection |
|---|
| Descripción | In Version 1.0 of the Online Blood Bank Management System application, a SQL injection vulnerability was found in two separate locations - the '/admin/index.php' file and the '/index.php file' of the 'Online Blood Bank Management System' project. The reason for this issue is that attackers inject malicious code from the parameter "user" and use it directly in SQL queries without the need for appropriate cleaning or validation. This allows attackers to forge input values, thereby manipulating SQL queries and performing unauthorized operations, allowing access to both the user console page as well as the admin user page.
No login or authorization is required to exploit this vulnerability. |
|---|
| Fuente | ⚠️ https://github.com/cl4irv0yance/CVEs/issues/3 |
|---|
| Usuario | mdsmith49 (UID 72657) |
|---|
| Sumisión | 2024-07-30 23:30 (hace 2 años) |
|---|
| Moderación | 2024-07-31 07:29 (8 hours later) |
|---|
| Estado | Aceptado |
|---|
| Entrada de VulDB | 273231 [itsourcecode Online Blood Bank Management System 1.0 Admin Login /admin/index.php Usuario inyección SQL] |
|---|
| Puntos | 20 |
|---|