CRITICAL🇵🇱 Wersja polska

CVE-2025-63532

CVSS 9.6v3.1pub. 2025-12-01upd. 2025-12-04

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
  • Shridharshukl Blood Bank Management System

    APP
    Shridharshukl
    1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
SQLiAuth Bypass
CWE
References

Related vulnerabilities

CVE-2025-63525CRITICAL9.6PL ✓ten sam produkt

Eskalacja uprawnień w Blood Bank Management System 1.0 (delete.php)

CVE-2025-63531CRITICAL10.0PL ✓ten sam produkt

SQL Injection z pominięciem uwierzytelnienia w Blood Bank Management System

CVE-2025-63535CRITICAL9.6PL ✓ten sam produkt

SQL Injection i Auth Bypass w Blood Bank Management System 1.0

CVE-2025-63528HIGH8.5ten sam produkt

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinf...

CVE-2025-63534HIGH8.5ten sam produkt

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php...