SQL Injection Vulnerability in Blood-Bank-And-Donation-Management-System by Varun Sardana
CVE-2025-11481

5.3MEDIUM

Key Information:

Vendor

Varunsardana004

Status
Blood-bank-and-donation-management-system
Vendor
CVE Published:
8 October 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-11481?

A security vulnerability exists in the Blood-Bank-And-Donation-Management-System created by Varun Sardana, specifically in the donate_blood.php file. Malicious users can exploit this flaw by manipulating the 'fullname' argument, which may result in unauthorized SQL commands being executed. This allows attackers to gain access to sensitive data from a remote location. The product follows a rolling release system, hence specific versioning details for affected releases are not publicly disclosed.

Affected Version(s)

Blood-Bank-And-Donation-Management-System dc9e0393d826fbc85fad9755b5bc12cba1919df2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-11481 - Proof of Concept

References

https://vuldb.com/?id.327599
vdb-entrytechnical-description
https://vuldb.com/?ctiid.327599
signaturepermissions-required
https://vuldb.com/?submit.667394
third-party-advisory

CVSS V4

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

redteam_bd (VulDB User)
JSON
.
CVE-2025-11481 : SQL Injection Vulnerability in Blood-Bank-And-Donation-Management-System by Varun Sardana