CVE-2024-12955

MEDIUM

Phpgurukul Blood Bank & Donor Managem... - Missing Authorization

Title source: rule

Description

A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

exploitdb WORKING POC

by Kwangyun Keum · textwebappsmultiple

https://www.exploit-db.com/exploits/52256

View Code ZIP pw:eip

References (4)

[Product] https://phpgurukul.com/

[Permissions Required, VDB Entry] https://vuldb.com/?ctiid.289318

[Third Party Advisory, VDB Entry] https://vuldb.com/?id.289318

[Third Party Advisory, VDB Entry] https://vuldb.com/?submit.468878

Scores

CVSS v3 4.3

EPSS 0.0017

EPSS Percentile 37.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-862 CWE-352

Status published

Products (1)

phpgurukul/blood_bank_\&_donor_management_system 2.4

Published Dec 26, 2024

Tracked Since Feb 18, 2026