Blood Bank Management System vulnerable to Cross-Site Request Forgery (CSRF)
CVE-2024-10557

6.5 MEDIUM

Key Information:

Vendor:
CVE Published: 31 October 2024

Badges

👾 Exploit Exists
🟡 Public PoC

Summary

A security vulnerability exists in the Blood Bank Management System, in an unknown function of the 'updateprofile.php' file. The flaw allows cross-site request forgery: an attacker who lures an authenticated user to a crafted page can have that user's browser submit a profile update the user never intended. The vulnerability is exploitable remotely, and because the exploit has been disclosed publicly it may be abused by malicious actors, so prompt mitigation is required.
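The standard mitigation for a CSRF flaw in a state-changing handler such as 'updateprofile.php' is a per-session anti-forgery token that the form carries and the handler verifies. The following is an added example written for this page, not code from the Blood Bank Management System; the field names ('fullname', 'token'), the session keys and the '$pdo' database handle are assumptions.

```php
<?php
// Added example (not the Blood Bank Management System's own code): a minimal
// profile-update handler protected against CSRF with a per-session token.
// Assumptions: $_POST['fullname'] and $_POST['token'] field names,
// $_SESSION['user_id'] set at login, and $pdo as an existing PDO connection.
declare(strict_types=1);

// SameSite=Lax stops most cross-site POSTs from carrying the session cookie at all;
// the token below is the primary defence and works even where SameSite is unsupported.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true]);
session_start();

// Issue one random token per session and embed it in every state-changing form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison so a token mismatch does not leak via timing.
function csrf_valid(?string $submitted): bool {
    return is_string($submitted)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject any update that lacks a valid token. A form on an attacker's site
    // cannot read the victim's token, so the forged request fails here before
    // any profile change happens.
    if (!csrf_valid($_POST['token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // The token only proves the form came from this application; the update
    // must still be tied to the logged-in user, never to an id taken from POST.
    if (empty($_SESSION['user_id'])) {
        http_response_code(401);
        exit('Not logged in');
    }
    $fullname = trim((string)($_POST['fullname'] ?? ''));
    // $pdo is assumed to be a PDO connection created elsewhere (e.g. require 'db.php').
    $stmt = $pdo->prepare('UPDATE users SET fullname = :n WHERE id = :id');
    $stmt->execute([':n' => $fullname, ':id' => $_SESSION['user_id']]);
    exit('Profile updated');
}

// GET: render the form with the token embedded as a hidden field.
$token = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="updateprofile.php">
  <input type="hidden" name="token" value="<?= $token ?>">
  <input type="text" name="fullname">
  <button type="submit">Update</button>
</form>
```

The check is only effective if every state-changing route verifies the token; a single unprotected handler leaves the CSRF exposure in place. Rotating the token on login and using `hash_equals` rather than `==` are the two details most often omitted in ad-hoc implementations.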

Affected Version(s)

Blood Bank Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. It is also a key component of weaponization, which can lead to ransomware.

References

CVSS V3.1

Score: 6.5
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published
  • Vulnerability Reserved
  • 🟡 Public PoC available
  • 👾 Exploit known to exist

Credit

0xbeven (VulDB User)
CVE-2024-10557 : Blood Bank Management System vulnerable to Cross-Site Request Forgery (CSRF) | SecurityVulnerability.io