| Title | itsourcecode Online Blood Bank Management System 1 Authentication Bypass via SQL Injection |
|---|---|
| Description | In version 1.0 of the Online Blood Bank Management System application, a SQL injection vulnerability was found in two separate locations: the '/admin/index.php' file and the '/index.php' file of the 'Online Blood Bank Management System' project. The cause is that input supplied in the "user" parameter is used directly in SQL queries without appropriate sanitization or validation. This allows attackers to forge input values, thereby manipulating SQL queries and performing unauthorized operations, which gives access to both the user console page and the admin user page. No login or authorization is required to exploit this vulnerability. |
| Source | https://github.com/cl4irv0yance/CVEs/issues/3 |
| User | mdsmith49 (UID 72657) |
| Submission | 2024-07-30 11:30 PM (2 years ago) |
| Moderation | 2024-07-31 07:29 AM (8 hours later) |
| Status | Accepted |
| VulDB Entry | 273231 [itsourcecode Online Blood Bank Management System 1.0 Admin Login /admin/index.php user SQL injection] |
| Points | 20 |