Blood Bank Management System 1.0 Vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2024-10448

6.5 MEDIUM

Key Information:

Vendor:
CVE Published: 28 October 2024

Badges

👾 Exploit Exists · 🟡 Public PoC

Summary

A significant vulnerability exists within the Blood Bank Management System, specifically in the delete.php file. The issue arises from inadequate validation of user input for a key argument, enabling attackers to perform cross-site request forgery (CSRF) attacks. As a result, unauthorized attackers can potentially manipulate requests remotely, leading to unauthorized data alteration or deletion. This issue poses a serious risk not only to the affected file but may also have implications for other functionalities within the system. Public disclosure of the exploit raises the urgency for affected users to assess their systems for potential risks and implement necessary mitigations.
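The advisory describes a state-changing endpoint (delete.php) that accepts a request without verifying that it was intentionally issued by the logged-in user, which is the root cause of any CSRF. The following is an added illustration of the standard defence, not code from the Blood Bank Management System or from the researcher who reported the issue: a delete handler that only acts on POST, binds a per-session anti-CSRF token into the form, compares it in constant time, checks the request origin, and sets the session cookie with SameSite. The record id parameter, table name, DSN and credentials are assumptions chosen for the example.

```php
<?php
// Added example of a CSRF-hardened delete endpoint. Nothing here is taken from
// the affected project; record id, table name, DSN and credentials are assumed.

declare(strict_types=1);

// SameSite=Lax stops the browser attaching the session cookie to cross-site
// POSTs, which blocks the classic form-auto-submit CSRF even before token checks.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,   // assumes HTTPS deployment
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// One random token per session, reused by every state-changing form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a missing or non-string token always fails.
function csrf_valid(mixed $submitted): bool
{
    if (!is_string($submitted) || empty($_SESSION['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

// Defence in depth: the Origin (or Referer) host must match our own host.
// Browsers send Origin on cross-origin POSTs, so an absent header is rejected.
function same_origin(): bool
{
    $origin = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    if ($origin === '') {
        return false;
    }
    $originHost = parse_url($origin, PHP_URL_HOST);
    $ownHost    = explode(':', $_SERVER['HTTP_HOST'] ?? '', 2)[0];
    return is_string($originHost) && $ownHost !== ''
        && strcasecmp($originHost, $ownHost) === 0;
}

// GET only renders the confirmation form; it never deletes anything.
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    $id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
    if ($id === null || $id === false) {
        http_response_code(400);
        exit('invalid id');
    }
    $token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="delete.php">'
       . '<input type="hidden" name="csrf_token" value="' . $token . '">'
       . '<input type="hidden" name="id" value="' . $id . '">'
       . '<button type="submit">Delete record ' . $id . '</button>'
       . '</form>';
    exit;
}

// Only POST may change state.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    header('Allow: GET, POST');
    exit;
}

if (!csrf_valid($_POST['csrf_token'] ?? null) || !same_origin()) {
    http_response_code(403);
    exit('request rejected: missing or invalid CSRF token');
}

$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('invalid id');
}

// Assumed DSN and table. A prepared statement keeps the id out of the SQL text.
$pdo  = new PDO('mysql:host=localhost;dbname=bloodbank', 'app', 'REPLACE_ME');
$stmt = $pdo->prepare('DELETE FROM donors WHERE id = :id');
$stmt->execute([':id' => $id]);
echo 'deleted';
```

The token check is the primary control; the SameSite cookie attribute and the Origin comparison are there so that a single misconfiguration (an old browser, a token accidentally echoed into a GET URL) does not reopen the hole. Every other endpoint that modifies data should reuse `csrf_token()` and `csrf_valid()` rather than carrying its own copy.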

Affected Version(s)

Blood Bank Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • 🟡 Public PoC available
  • 👾 Exploit known to exist
  • Vulnerability published
  • Vulnerability Reserved

Credit

0xbeven (VulDB User)