CVE-2024-9316

A vulnerability classified as critical has been found in code-projects Blood Bank Management System 1.0. Affected is an unknown function of the file /admin/blood/update/B+.php. The manipulation of the argument Bloodname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Configurations

Configuration 1 (hide)

cpe:2.3:a:code-projects:blood_bank_system:1.0:*:*:*:*:*:*:*

History

02 Oct 2024, 13:29

Type Values Removed Values Added
References () https://code-projects.org/ - () https://code-projects.org/ - Product
References () https://github.com/cookie5201314/CVE/blob/main/sql2.md - () https://github.com/cookie5201314/CVE/blob/main/sql2.md - Exploit
References () https://vuldb.com/?ctiid.278820 - () https://vuldb.com/?ctiid.278820 - Permissions Required
References () https://vuldb.com/?id.278820 - () https://vuldb.com/?id.278820 - Third Party Advisory
References () https://vuldb.com/?submit.412584 - () https://vuldb.com/?submit.412584 - Third Party Advisory
First Time Code-projects blood Bank System
Code-projects
CVSS v2 : 6.5
v3 : 6.3
v2 : 6.5
v3 : 7.5
CPE cpe:2.3:a:code-projects:blood_bank_system:1.0:*:*:*:*:*:*:*

30 Sep 2024, 12:45

Type Values Removed Values Added
Summary
  • (es) Se ha encontrado una vulnerabilidad clasificada como crítica en code-projects Blood Bank Management System 1.0. Se ve afectada una función desconocida del archivo /admin/blood/update/B+.php. La manipulación del argumento Bloodname provoca una inyección SQL. Es posible lanzar el ataque de forma remota. El exploit ha sido divulgado al público y puede ser utilizado.

28 Sep 2024, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-09-28 20:15

Updated : 2024-10-02 13:29


NVD link : CVE-2024-9316

Mitre link : CVE-2024-9316

CVE.ORG link : CVE-2024-9316


JSON object : View

Products Affected

code-projects

  • blood_bank_system
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')