SQL Injection Vulnerability in itSourceCode Online Blood Bank Management System
CVE-2024-5516

9.8CRITICAL

Key Information:

Vendor

Itsourcecode

Status
Online Blood Bank Management System
Vendor
CVE Published:
30 May 2024

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2024-5516?

A newly discovered SQL injection vulnerability impacts the itSourceCode Online Blood Bank Management System version 1.0, specifically within the 'massage.php' file. This vulnerability arises from improper handling of the 'bid' parameter, allowing remote attackers to manipulate SQL queries and potentially gain unauthorized access to sensitive data. Exploitation of this weakness can lead to severe consequences, including data breaches and system compromise. The vulnerability has been publicly disclosed, heightening the risk for users who have not yet applied mitigation strategies.

Affected Version(s)

Online Blood Bank Management System 1.0

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2024-5516 - Proof of Concept

References

https://vuldb.com/?id.266587
vdb-entrytechnical-description
https://vuldb.com/?ctiid.266587
signaturepermissions-required
https://vuldb.com/?submit.346223
third-party-advisory

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

roobes (VulDB User)
.
CVE-2024-5516 : SQL Injection Vulnerability in itSourceCode Online Blood Bank Management System