CVE-2025-2391 — Injection in Blood Bank Management System

CWE-74 — Injection CWE-89 — SQL Injection CWE-179 — Incorrect Behavior Order: Early Validation CWE-20 — Improper Input Validation5 documents5 sources

Severity

6.9MEDIUMNVD

GHSA6.3

EPSS

0.1%

top 68.04%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Code-projects Blood Bank Management System Fabian Blood Bank Management System

Timeline

PublishedMar 17

Latest updateFeb 12

Description

A vulnerability classified as critical was found in code-projects Blood Bank Management System 1.0. This vulnerability affects unknown code of the file /admin/admin_login.php of the component Admin Login Page. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Affected Packages2 packages

▶CVEListV5code-projects/blood_bank_management_system1.0

▶NVDfabian/blood_bank_management_system1.0

🔴Vulnerability Details

GHSA

qs's arrayLimit bypass in comma parsing allows denial of service↗2026-02-12

▶

GHSA

GHSA-3h28-663g-h6cx: A vulnerability classified as critical was found in code-projects Blood Bank Management System 1↗2025-03-17

▶

CVEList

code-projects Blood Bank Management System Admin Login Page admin_login.php sql injection↗2025-03-17

▶