CVE-2024-7320

HIGH

Adonesevangelista Online Blood Bank Management System - SQL Injection

Title source: rule

Description

A vulnerability classified as critical has been found in itsourcecode Online Blood Bank Management System 1.0. This affects an unknown part of the file /admin/index.php of the component Admin Login. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-273231.

Exploits (1)

github WRITEUP

by cl4irv0yance · poc

https://github.com/cl4irv0yance/CVEs/tree/main/CVE-2024-7320

View Code ZIP pw:eip

References (4)

[Permissions Required] https://vuldb.com/?id.273231

[Permissions Required] https://vuldb.com/?ctiid.273231

[VDB Entry] https://vuldb.com/?submit.383397

[Exploit] https://github.com/cl4irv0yance/CVEs/issues/3

Scores

CVSS v3 7.3

EPSS 0.0024

EPSS Percentile 47.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (1)

adonesevangelista/online_blood_bank_management_system 1.0

Published Jul 31, 2024

Tracked Since Feb 18, 2026