CVE-2024-7320

HIGH

Online Blood Bank Management System 1.0 - SQL Injection via Admin Login User Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-7320. PoCs published by cl4irv0yance.

AI-analyzed exploit summary: The repository contains a detailed technical analysis of CVE-2024-7320, an authentication bypass via SQL injection in the Online Blood Bank Management System v1.0. It includes root cause analysis, proof-of-concept HTTP requests, and remediation guidance.

Description

A vulnerability classified as critical has been found in itsourcecode Online Blood Bank Management System 1.0. This affects an unknown part of the file /admin/index.php of the component Admin Login. The manipulation of the argument user leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273231.

Exploits (1)

github WRITEUP
by cl4irv0yance · poc
https://github.com/cl4irv0yance/CVEs/tree/main/CVE-2024-7320


Classification: Writeup 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Online Blood Bank Management System v1.0
No auth needed
Prerequisites: Access to the vulnerable application
devstral-2 · analyzed Feb 27, 2026

References (4)

Core References
Permissions Required vdb-entry technical-description
https://vuldb.com/?id.273231
Permissions Required signature permissions-required
https://vuldb.com/?ctiid.273231
VDB Entry third-party-advisory
https://vuldb.com/?submit.383397
Exploit exploit issue-tracking
https://github.com/cl4irv0yance/CVEs/issues/3

Scores

CVSS v3 7.3
EPSS 0.0074
EPSS Percentile 50.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-89
Status published
Products (1)
adonesevangelista/online_blood_bank_management_system 1.0
Published Jul 31, 2024
Tracked Since Feb 18, 2026