CVE-2022-38813

HIGH

PHPGurukul Blood Donor Mgmt <1.0 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-38813. PoCs published by RashidKhanPathan.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2022-38813, demonstrating an authenticated privilege escalation vulnerability in Blood Donor Management System v1.0. The exploit authenticates as a normal user and then accesses the admin dashboard by manipulating the URL parameter.

Description

PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.

Exploits (1)

nomisec WORKING POC 2 stars
by RashidKhanPathan · poc
https://github.com/RashidKhanPathan/CVE-2022-38813

The repository contains a functional exploit for CVE-2022-38813, demonstrating an authenticated privilege escalation vulnerability in Blood Donor Management System v1.0. The exploit authenticates as a normal user and then accesses the admin dashboard by manipulating the URL parameter.

Classification
Working Poc 95%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target: Blood Donor Management System Using Codeigniter v1.0
Auth required
Prerequisites: Valid user credentials for the Blood Donor Management System
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (4)

Core 4

Scores

CVSS v3 8.1
EPSS 0.0146
EPSS Percentile 70.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-668
Status published
Products (1)
phpgurukul_blood_donor_management_system_project/phpgurukul_blood_donor_management_system 1.0
Published Nov 25, 2022
Tracked Since Feb 18, 2026