PT-2024-38265 · Unknown · Itsourcecode Online Blood Bank Management System

Mdsmith49 · Published 2024-07-31 · Updated 2024-08-12 · CVE-2024-7320

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

itsourcecode Online Blood Bank Management System version 1.0

Description

A critical vulnerability has been found in the itsourcecode Online Blood Bank Management System. This issue affects the /admin/index.php file of the Admin Login component. The manipulation of the user argument leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Recommendations

For itsourcecode Online Blood Bank Management System version 1.0, patch the system immediately to prevent SQL injection attacks. Additionally, check for any potential compromise. As a temporary workaround, consider restricting access to the /admin/index.php endpoint until a patch is applied. Avoid using the user argument in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2024-7320

Affected Products

Itsourcecode Online Blood Bank Management System