Code-Projects Blood Bank Management System Vulnerability
CVE-2024-10605

6.5MEDIUM

Key Information:

Vendor
Code-projects
Status
Blood Bank Management System
Vendor
CVE Published:
1 November 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A vulnerability exists in the Blood Bank Management System 1.0, specifically within the request.php file, which enables attackers to perform cross-site request forgery (CSRF) attacks. This flaw allows unauthorized commands to be initiated on behalf of users without their consent. Exploiting this vulnerability could jeopardize sensitive data by enabling attackers to execute malicious requests remotely. Given that the exploit has been disclosed publicly, proactive measures are essential to safeguard the application and its users against potential exploitations.

Affected Version(s)

Blood Bank Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-10605 - Proof of Concept

References

https://vuldb.com/?id.282615
vdb-entry
https://vuldb.com/?ctiid.282615
signaturepermissions-required
https://vuldb.com/?submit.434756
third-party-advisory

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

Credit

0xbeven (VulDB User)
.
CVE-2024-10605 : Code-Projects Blood Bank Management System Vulnerability | SecurityVulnerability.io