CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12941 – CodeAstro Blood Donor Management System deletedannounce.php sql injection
https://notcve.org/view.php?id=CVE-2024-12941
26 Dec 2024 — A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/deletedannounce.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 1%CPEs: 1EXPL: 2CVE-2022-40470
https://notcve.org/view.php?id=CVE-2022-40470
21 Nov 2022 — Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. Phpgurukul Blood Donor Management System 1.0 permite Cross Site Scripting mediante la función Agregar nombre de grupo sanguíneo. • https://github.com/RashidKhanPathan/CVE-2022-40470 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •