SQL Injection Vulnerability in Code-Projects Blood Bank Management
CVE-2024-10409
Key Information:
- Vendor
Code-projects
- Status
- Vendor
- CVE Published:
- 27 October 2024
Badges
What is CVE-2024-10409?
A significant vulnerability has been identified in the Blood Bank Management software, specifically in the accept.php file. This flaw arises from improper handling of user-supplied input within the reqid parameter, allowing for SQL injection attacks. Attackers can exploit this vulnerability remotely, leading to potential unauthorized access to the database and sensitive data leakage. Publicly disclosed, this vulnerability emphasizes the urgent need for users to apply patches or updates to secure their installations against exploitation. For further in-depth details, you can refer to the technical descriptions and advisories provided in the references.
Affected Version(s)
Blood Bank Management 1.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved