CRITICAL🇵🇱 Wersja polska

CVE-2025-63531

CVSS 10.0v3.1pub. 2025-12-01upd. 2025-12-02

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unauthorized access to the system.

🤖 AI Analysis
How it works

The application does not sanitize user input data before using it in SQL queries. An attacker can manipulate the values of the remail and rpassword fields in the login form by injecting arbitrary SQL code. In this way, the authentication logic is bypassed and the application grants access without knowing the correct login credentials.

Impact

An attacker can completely bypass authentication and gain unauthorized access to the blood bank management system, which may lead to disclosure, modification, or deletion of sensitive patient and donor data.

Mitigation & patch

Patches available from the vendor should be applied according to references. Additionally, it is recommended to implement parameterized SQL queries (prepared statements) and restrict public access to the login interface.

Who is affected

Blood Bank Management System version 1.0 (receiverLogin.php component)

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
  • Shridharshukl Blood Bank Management System

    APP
    Shridharshukl
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLiAuth Bypass
CWE
References

Related vulnerabilities

CVE-2025-63525CRITICAL9.6PL ✓ten sam produkt

Eskalacja uprawnień w Blood Bank Management System 1.0 (delete.php)

CVE-2025-63532CRITICAL9.6PL ✓ten sam produkt

SQL Injection w Blood Bank Management System — obejście uwierzytelnienia

CVE-2025-63535CRITICAL9.6PL ✓ten sam produkt

SQL Injection i Auth Bypass w Blood Bank Management System 1.0

CVE-2025-63528HIGH8.5ten sam produkt

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinf...

CVE-2025-63534HIGH8.5ten sam produkt

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php...