Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-46014SQL Injection in Blood Bank

CWE-89SQL Injection4 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 71.26%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Code-projects Blood Bank
Timeline
PublishedNov 13
Latest updateFeb 28

Description

SQL Injection vulnerability in hospitalLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'hemail' and 'hpassword' parameters.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-h42p-m2rq-vxxg: SQL Injection vulnerability in hospitalLogin2023-11-14
CVEList
CVE-2023-46014: SQL Injection vulnerability in hospitalLogin2023-11-13

💥Exploits & PoCs

1
Exploit-DB
Blood Bank v1.0 - Multiple SQL Injection2024-02-28
CVE-2023-46014 — SQL Injection in Blood Bank | cvebase