Blood Bank Security Vulnerabilities and Issues — Blood Bank CVE List

Code-projectsBlood Bank

9 matches found

CVE•added 2023/11/13 12:0 a.m.•73 views

CVE-2023-46014

The CVE-2023-46014 case concerns Code-Projects Blood Bank v1.0. A SQL Injection flaw exists in hospitalLogin.php, exploitable via the hemail and hpassword parameters, enabling arbitrary SQL commands and potential authentication bypass. Technical context from connected documents confirms the vulne...

5.5CVSS6.2AI score0.00394EPSS

CVE•added 2023/11/13 12:0 a.m.•63 views

CVE-2023-46018

Summary: CVE-2023-46018 affects Code-Projects Blood Bank 1.0. The vulnerability is a SQL injection in receiverReg.php via the remail parameter due to insufficient input validation, enabling attackers to run arbitrary SQL commands and potentially access data. The exploit is demonstrated in PoCs/ex...

5.5CVSS6.1AI score0.00355EPSS

Web

CVE•added 2023/11/14 12:0 a.m.•61 views

CVE-2023-46022

CVE-2023-46022 concerns Code-Projects Blood Bank v1.0, with a SQL Injection in delete.php via the bid parameter. The root cause is improper input handling in delete.php, enabling attackers to execute arbitrary SQL commands. Reported impact includes potential data exposure and unauthorized databas...

7.8CVSS8AI score0.00795EPSS

CVE•added 2023/11/13 12:0 a.m.•58 views

CVE-2023-46016

Code-Projects Blood Bank 1.0 is vulnerable to a reflected XSS in abs.php via the search parameter. The issue stems from insufficient input sanitization, allowing an attacker to inject and execute arbitrary script in a victim’s browser. A PoC exploit is provided showing the attack payload and affe...

6.1CVSS6.1AI score0.00471EPSS

Web

CVE•added 2023/11/13 12:0 a.m.•54 views

CVE-2023-46020

Code-Projects Blood Bank 1.0 is affected by a Stored XSS in updateprofile.php. The vulnerability stems from insufficient input validation/sanitization of parameters rename, remail, rphone, and rcity, allowing injected scripts to be stored and executed in other users’ browsers. Exploit details and...

6.1CVSS6.1AI score0.00479EPSS

CVE•added 2023/11/13 12:0 a.m.•41 views

CVE-2023-46021

Code-Projects Blood Bank v1.0 is affected by a SQL Injection in cancel.php via the reqid parameter. The root cause is insufficient input validation, enabling an attacker to execute arbitrary commands (local attack; high confidentiality impact; no integrity/availability impact reported). Public re...

5.5CVSS6.3AI score0.00349EPSS

CVE•added 2023/11/13 12:0 a.m.•39 views

CVE-2023-46019

CVE-2023-46019 is a reflected XSS vulnerability in Code-Projects Blood Bank 1.0, triggered by the error parameter in abs.php. The vulnerability is caused by insufficient input validation, allowing arbitrary script injection in the user’s browser. Connected docs provide a PoC payload and confirm t...

6.1CVSS6AI score0.00471EPSS

Web

CVE•added 2023/11/13 12:0 a.m.•34 views

CVE-2023-46015

CVE-2023-46015 affects Code-Projects Blood Bank 1.0. It is a Reflected Cross-Site Scripting (XSS) vulnerability in index.php, exploitable via the msg parameter in the application URL. The NVD lists a CVSS v3.1 base score of 6.1 (Medium) with network attack vector, user interaction required, and p...

6.1CVSS6AI score0.00471EPSS

Web

CVE•added 2023/11/13 12:0 a.m.•34 views

CVE-2023-46017

CVE-2023-46017 affects Code-Projects Blood Bank 1.0. The vulnerability is an SQL injection in receiverLogin.php via the remail/rpassword parameters, enabling attackers to execute arbitrary SQL commands. Reported PoC details show local exploitation against both login paths (receiverLogin.php and h...

5.5CVSS6.2AI score0.00355EPSS

Web