Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-46018

CWE-89SQL Injection4 documents4 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 77.43%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Code-projects Blood Bank
Timeline
PublishedNov 13
Latest updateFeb 28

Description

SQL injection vulnerability in receiverReg.php in Code-Projects Blood Bank 1.0 \allows attackers to run arbitrary SQL commands via 'remail' parameter.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

2
GHSA
GHSA-9hg8-gv7c-hrqj: SQL injection vulnerability in receiverReg2023-11-14
CVEList
CVE-2023-46018: SQL injection vulnerability in receiverReg2023-11-13

💥Exploits & PoCs

1
Exploit-DB
Blood Bank v1.0 - Multiple SQL Injection2024-02-28
CVE-2023-46018 (MEDIUM CVSS 5.5) | SQL injection vulnerability in rece | cvebase.io