CVE-2024-9986

Name of the Vulnerable Software and Affected Versions code-projects Blood Bank Management System version 1.0

Description A critical issue affects the processing of the file member register.php, where the manipulation of the fullname, username, password, and email arguments leads to SQL injection. The attack can be initiated remotely. It is assumed that multiple parameters are affected, although initial research only mentioned the password parameter.

Recommendations For code-projects Blood Bank Management System version 1.0, consider restricting access to the member register.php file until a patch is available. As a temporary workaround, avoid using the fullname, username, password, and email parameters in the affected file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.