72 matches found
CVE-2023-46019
CVE-2023-46019 is a reflected XSS vulnerability in Code-Projects Blood Bank 1.0, triggered by the error parameter in abs.php. The vulnerability is caused by insufficient input validation, allowing arbitrary script injection in the user’s browser. Connected docs provide a PoC payload and confirm t...
CVE-2023-46017
CVE-2023-46017 affects Code-Projects Blood Bank 1.0. The vulnerability is an SQL injection in receiverLogin.php via the remail/rpassword parameters, enabling attackers to execute arbitrary SQL commands. Reported PoC details show local exploitation against both login paths (receiverLogin.php and h...
CVE-2023-46021
Code-Projects Blood Bank v1.0 is affected by a SQL Injection in cancel.php via the reqid parameter. The root cause is insufficient input validation, enabling an attacker to execute arbitrary commands (local attack; high confidentiality impact; no integrity/availability impact reported). Public re...
CVE-2023-46015
CVE-2023-46015 affects Code-Projects Blood Bank 1.0. It is a Reflected Cross-Site Scripting (XSS) vulnerability in index.php, exploitable via the msg parameter in the application URL. The NVD lists a CVSS v3.1 base score of 6.1 (Medium) with network attack vector, user interaction required, and p...
CVE-2023-46020
Code-Projects Blood Bank 1.0 is affected by a Stored XSS in updateprofile.php. The vulnerability stems from insufficient input validation/sanitization of parameters rename, remail, rphone, and rcity, allowing injected scripts to be stored and executed in other users’ browsers. Exploit details and...
CVE-2023-46019
Cross Site Scripting XSS vulnerability in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'error' parameter...
CVE-2023-46016
Cross Site Scripting XSS in abs.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary code via the 'search' parameter in the application URL...
CVE-2023-46018
Summary: CVE-2023-46018 affects Code-Projects Blood Bank 1.0. The vulnerability is a SQL injection in receiverReg.php via the remail parameter due to insufficient input validation, enabling attackers to run arbitrary SQL commands and potentially access data. The exploit is demonstrated in PoCs/ex...
PT-2023-29803 · Unknown · Code-Projects Blood Bank
Name of the Vulnerable Software and Affected Versions: Code-Projects Blood Bank version 1.0 Description: The issue allows attackers to execute arbitrary commands via the reqid parameter in the cancel.php file. This can be exploited to run unauthorized commands. Recommendations: For Code-Projects...
CVE-2023-46014
The CVE-2023-46014 case concerns Code-Projects Blood Bank v1.0. A SQL Injection flaw exists in hospitalLogin.php, exploitable via the hemail and hpassword parameters, enabling arbitrary SQL commands and potential authentication bypass. Technical context from connected documents confirms the vulne...
Exploit for SQL Injection in Code-Projects Blood_Bank
CVE-2023-46022-Code-Projects-Blood-Bank-1.0-OOB-SQL-Injection-...
PT-2023-29795 · Unknown · Code-Projects Blood Bank
Name of the Vulnerable Software and Affected Versions: Code-Projects Blood Bank version 1.0 Description: The issue allows attackers to execute arbitrary SQL commands by exploiting the SQL Injection vulnerability in the hospitalLogin.php file. This is achieved via the hemail and hpassword...