PT-2025-48461 · Unknown · Blood Bank Management System

Published: 2025-12-01 · Updated: 2025-12-01 · CVE-2025-63532

CVSS v3.1: 9.6 (Critical)

Vector: AC:L/AV:N/A:N/C:H/I:H/PR:L/S:C/UI:N

Name of the Vulnerable Software and Affected Versions

Blood Bank Management System version 1.0

Description

The application does not properly sanitize user-supplied input within SQL queries, leading to a SQL injection issue. An attacker can manipulate the search field to inject arbitrary SQL code, potentially bypassing authentication and gaining unauthorized access to the system. The vulnerability exists within the cancel.php component. The search field is the entry point for the attack.

Recommendations

Apply proper input validation and sanitization techniques to all user-supplied data used in SQL queries. Specifically, address the vulnerability in the cancel.php component and the search field.
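The recommendation applied to a search handler, as an added example that is not the application's own code: a concatenated query next to a validated, prepared-statement version, run against an in-memory SQLite database. The table, columns, function names and the 64-character limit are hypothetical; the real cancel.php schema is not shown on this page.

```php
<?php
// Added illustration: hypothetical schema and function names, not the application's code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE requests (id INTEGER PRIMARY KEY, owner TEXT, blood_group TEXT)');
$db->exec("INSERT INTO requests (owner, blood_group) VALUES
           ('alice', 'A+'), ('bob', 'O-'), ('carol', 'AB+')");   // constructed sample rows

// Pattern the advisory describes: the search value is concatenated into the SQL text,
// so a quote in the input changes the structure of the WHERE clause.
function searchConcatenated(PDO $db, string $owner, string $search): array
{
    $sql = "SELECT id, owner, blood_group FROM requests
            WHERE owner = '$owner' AND blood_group = '$search'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened form: validate the input, then bind it as data in a prepared statement.
// The binding is what keeps the input out of the SQL grammar; validation is an extra layer.
function searchPrepared(PDO $db, string $owner, string $search): array
{
    if ($search === '' || strlen($search) > 64) {   // hypothetical length limit
        return [];
    }
    $stmt = $db->prepare('SELECT id, owner, blood_group FROM requests
                          WHERE owner = :owner AND blood_group = :search');
    $stmt->execute([':owner' => $owner, ':search' => $search]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$probe = "x' OR '1'='1";   // constructed test input containing a quote
printf("concatenated, probe: %d rows\n", count(searchConcatenated($db, 'alice', $probe)));
printf("prepared, probe:     %d rows\n", count(searchPrepared($db, 'alice', $probe)));
printf("prepared, 'A+':      %d rows\n", count(searchPrepared($db, 'alice', 'A+')));
```

With the concatenated query the constructed input matches rows belonging to every owner; with the bound parameter it is compared as a literal string and matches none, while a normal search still returns the caller's own row.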

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2025-63532

Affected Products

Blood Bank Management System