A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system.
The application does not sanitize user input data before using it in SQL queries. An attacker can manipulate the values of the remail and rpassword fields in the login form by injecting arbitrary SQL code. In this way, the authentication logic is bypassed and the application grants access without knowing the correct login credentials.
An attacker can completely bypass authentication and gain unauthorized access to the blood bank management system, which may lead to disclosure, modification, or deletion of sensitive patient and donor data.
Patches available from the vendor should be applied according to references. Additionally, it is recommended to implement parameterized SQL queries (prepared statements) and restrict public access to the login interface.
Blood Bank Management System version 1.0 (receiverLogin.php component)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:NShridharshukl Blood Bank Management System
APPShridharshukl1.0
Related vulnerabilities
Eskalacja uprawnień w Blood Bank Management System 1.0 (delete.php)
SQL Injection w Blood Bank Management System — obejście uwierzytelnienia
SQL Injection i Auth Bypass w Blood Bank Management System 1.0
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinf...
A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php...