Submission #431491: code-projects Blood Bank Management System 1.0 SQL Injection (Info)

Title: code-projects Blood Bank Management System 1.0 SQL Injection
Description: A SQL Injection vulnerability has been identified in the BloodBank Management System version 1.0. This vulnerability occurs in the search functionality when users query blood type availability. The search parameter is not properly sanitized, allowing attackers to inject malicious SQL queries. This vulnerability allows an attacker to manipulate SQL queries and execute arbitrary database commands, potentially leading to:
- Unauthorized access to sensitive data (e.g., donor or recipient information).
- Database corruption or deletion.
- Denial of Service (DoS) attacks by causing the database to execute time-consuming operations.
Since the injected payload persists through the search feature, this high-risk vulnerability could be exploited by remote attackers, leading to a significant breach of confidentiality and availability.
Source: ⚠️ https://gist.github.com/higordiego/46090516ba1b13fe3d2607ab4c0114f1
User: c4ttr4ck (UID 75518)
Submitted: 2024-10-25 03:14 PM (1 year ago)
Moderation: 2024-10-26 09:14 AM (18 hours later)
Status: Accepted
VulDB entry: 281938 [code-projects Blood Bank Management up to 1.0 /abs.php search SQL injection]
Points: 20
