PT-2024-16259 · Unknown · Code-Projects Blood Bank Management System

C4Ttr4Ck

Published

2024-10-27

Updated

2024-10-29

CVE-2024-10415

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions code-projects Blood Bank Management System version 1.0

Description A critical issue has been identified, affecting the file /file/accept.php. The manipulation of the reqid argument leads to SQL injection. This issue can be exploited remotely.

Recommendations For code-projects Blood Bank Management System version 1.0, consider restricting access to the /file/accept.php file until a patch is available. As a temporary workaround, avoid using the reqid argument in the affected file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2024-10415

Affected Products

Code-Projects Blood Bank Management System

PT-2024-16259 · Unknown · Code-Projects Blood Bank Management System

CVE-2024-10415

Weakness Enumeration

Related Identifiers

Affected Products

References · 9