PT-2025-48459 · Unknown · Blood Bank Management System
Published: 2025-12-01 · Updated: 2025-12-01 · CVE-2025-63529
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Blood Bank Management System version 1.0
Description
A session fixation issue exists in the Blood Bank Management System. An attacker can set or predict a user's session identifier before authentication. Specifically, the vulnerability is present in the login.php file. When a victim logs in, the application uses the attacker-supplied session ID instead of creating a new one, allowing the attacker to hijack the authenticated session and gain unauthorized access to the victim's account.
Recommendations
Versions prior to 1.0 should be updated.
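The weakness described above is closed by issuing a new session identifier at the moment of login. The following is an added sketch of such a login handler, not the Blood Bank Management System's own login.php; check_credentials(), the sample account and the user_id session key are hypothetical, and HTTPS is assumed.

```php
<?php
declare(strict_types=1);

// Added illustration, not the application's code. check_credentials(),
// the sample account and the 'user_id' session key are hypothetical.

// Reject session IDs the server did not issue; never accept IDs from URLs.
ini_set('session.use_strict_mode', '1');
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,    // assumes the site is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

function check_credentials(string $user, string $pass): ?int
{
    // Constructed sample data; a real application queries its user table.
    $accounts = [
        'alice' => ['id' => 1, 'hash' => password_hash('sample-password', PASSWORD_DEFAULT)],
    ];
    if (!isset($accounts[$user])) {
        return null;
    }
    return password_verify($pass, $accounts[$user]['hash']) ? $accounts[$user]['id'] : null;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    $userId = check_credentials($user, $pass);

    if ($userId === null) {
        http_response_code(401);
        exit('Invalid credentials');
    }

    // Session fixation occurs when the pre-login ID survives this point.
    // Issue a new ID, delete the old session data, and drop anything
    // that was stored in the session before authentication.
    session_regenerate_id(true);
    $_SESSION = ['user_id' => $userId];
    exit('Logged in');
}
```

Strict mode only rejects identifiers the server never issued, so the session_regenerate_id(true) call on successful login is the step that invalidates an identifier known before authentication.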
Session Fixation
Weakness Enumeration
Related Identifiers
Affected Products
Blood Bank Management System