Vendor: Blood Bank
By: Ersin Erenler
CVSS: 6.1 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: Blood Bank
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CVE: CVE-2023-46022
CPE: a:code-projects:blood_bank:1.0
Platforms Tested: Windows, Linux
2023
Blood Bank 1.0 – ‘bid’ SQL Injection
The 'bid' parameter in /delete.php of Code-Projects Blood Bank v1.0 is vulnerable to out-of-band (OOB) SQL injection: the value is used in a SQL statement without being validated or parameterized. An attacker can confirm and exploit the flaw through an OOB channel such as Burp Collaborator, potentially gaining access to sensitive data.
Mitigation:
To mitigate this vulnerability, validate and sanitize all user input before it reaches the database (an id parameter such as 'bid' should only be accepted as an integer), and use parameterized queries (prepared statements) or an ORM framework instead of building SQL strings from request data.
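The following is an added illustration, not code from the Blood Bank project: a constructed "delete by bid" handler written in the unsafe string-building style, beside the validated and parameterized form the mitigation calls for. It uses PDO with an in-memory SQLite database (the real application's database layer is not reproduced here) so it runs stand-alone with `php -f`.

```php
<?php
// Constructed example (not the project's delete.php): unsafe vs. hardened
// handling of an integer id taken from the request.

function setupDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE blood (bid INTEGER PRIMARY KEY, donor TEXT)');
    $db->exec("INSERT INTO blood VALUES (1,'a'), (2,'b'), (3,'c')");
    return $db;
}

// Unsafe: the request value is spliced straight into the SQL text, so any
// SQL syntax inside it becomes part of the statement.
function deleteUnsafe(PDO $db, string $bid): int {
    return $db->exec("DELETE FROM blood WHERE bid = $bid");
}

// Hardened: reject anything that is not a plain integer, then pass the value
// as a bound parameter so it can never be interpreted as SQL syntax.
function deleteSafe(PDO $db, string $bid): int {
    if (!ctype_digit($bid)) {
        return 0; // a real handler would respond with HTTP 400 here
    }
    $stmt = $db->prepare('DELETE FROM blood WHERE bid = :bid');
    $stmt->bindValue(':bid', (int) $bid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed inputs: a valid id and a value that is not a bare integer.
$inputs = ['2', '2 OR 1=1'];

foreach ($inputs as $input) {
    $db = setupDb();
    $unsafe = deleteUnsafe($db, $input);   // '2 OR 1=1' removes every row
    $db = setupDb();
    $safe = deleteSafe($db, $input);       // '2 OR 1=1' is rejected, 0 rows
    printf("input %-10s unsafe deleted %d rows, safe deleted %d rows\n",
           "'$input'", $unsafe, $safe);
}
```

With the first input both variants delete one row; with the second the unsafe variant empties the table while the hardened one deletes nothing.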