cvebase

Shridharshukl Blood Bank Management System vulnerabilities

10 known vulnerabilities affecting shridharshukl/blood_bank_management_system.

Total CVEs: 10
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 4, MEDIUM 5

Vulnerabilities

CVE-2025-63531 | P2 | CRITICAL | CVSS 9.8 | v1.0 | 2025-12-01
CWE-89: A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the receiverLogin.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the remail and rpassword fields, an attacker can bypass authentication and gain unautho
Source: NVD

CVE-2025-63532 | P2 | HIGH | CVSS 8.8 | v1.0 | 2025-12-01
CWE-89: A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system
Source: NVD

CVE-2025-63535 | P3 | HIGH | CVSS 8.8 | v1.0 | 2025-12-01
CWE-89: A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system.
Source: NVD

CVE-2025-63525 | P3 | HIGH | CVSS 8.8 | v1.0 | 2025-12-01
CWE-284: An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with escalated privileges via crafted request to delete.php.
Source: NVD

CVE-2025-63529 | P3 | HIGH | CVSS 8.8 | v1.0 | 2025-12-01
CWE-384: A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating a new one, enabling the attacker to hijack the authenti
Source: NVD

CVE-2025-63528 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2025-12-01
CWE-79: A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the blooddinfo.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the error parameter, which is then executed in the victim's b
Source: NVD

CVE-2025-63526 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2025-12-01
CWE-79: A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg parameter, which is then executed in the victim's browser when t
Source: NVD

CVE-2025-63527 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2025-12-01
CWE-79: A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and hprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the hname, hemail, hpassword, hphone, hc
Source: NVD

CVE-2025-63534 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2025-12-01
CWE-79: A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the msg and error parameters, which are then executed in the victi
Source: NVD

CVE-2025-63533 | P4 | MEDIUM | CVSS 5.4 | v1.0 | 2025-12-01
CWE-79: A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php and rprofile.php components. The application fails to properly sanitize or encode user-supplied input before rendering it in response. An attacker can inject malicious JavaScript payloads into the rname, remail, rpassword, rphone, rc
Source: NVD