Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-46017 — SQL Injection in Blood Bank

CWE-89 — SQL Injection4 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 77.42%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Code-projects Blood Bank

Timeline

PublishedNov 13

Latest updateFeb 28

Description

SQL Injection vulnerability in receiverLogin.php in Code-Projects Blood Bank 1.0 allows attackers to run arbitrary SQL commands via 'remail' and 'rpassword' parameters.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

▶NVDcode-projects/blood_bank1.0

🔴Vulnerability Details

GHSA

GHSA-x8x4-h4w2-j78g: SQL Injection vulnerability in receiverLogin↗2023-11-14

▶

CVEList

CVE-2023-46017: SQL Injection vulnerability in receiverLogin↗2023-11-13

▶

💥Exploits & PoCs

Exploit-DB

Blood Bank v1.0 - Multiple SQL Injection↗2024-02-28

▶