CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-50487
https://notcve.org/view.php?id=CVE-2025-50487
28 Jul 2025 — Improper session invalidation in the component /bbdms/change-password.php of PHPGurukul Blood Bank & Donor Management System v2.4 allows attackers to execute a session hijacking attack. La invalidación de sesión incorrecta en el componente /bbdms/change-password.php de PHPGurukul Blood Bank & Donor Management System v2.4 permite a los atacantes ejecutar un ataque de secuestro de sesión. • http://blood.com • CWE-613: Insufficient Session Expiration •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-4176 – PHPGurukul Blood Bank & Donor Management System request-received-bydonar.php sql injection
https://notcve.org/view.php?id=CVE-2025-4176
01 May 2025 — A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/bluechips-zhao/myCVE/issues/5 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12982 – PHPGurukul Blood Bank & Donor Management System update-contactinfo.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-12982
27 Dec 2024 — A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. • https://phpgurukul.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 2CVE-2024-12955 – PHPGurukul Blood Bank & Donor Management System logout.php cross-site request forgery
https://notcve.org/view.php?id=CVE-2024-12955
26 Dec 2024 — A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://packetstorm.news/files/id/190568 • CWE-352: Cross-Site Request Forgery (CSRF) CWE-862: Missing Authorization •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0476 – Blood Bank & Donor Management request-received-bydonar.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0476
13 Jan 2024 — A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0459 – Blood Bank & Donor Management request-received-bydonar.php sql injection
https://notcve.org/view.php?id=CVE-2024-0459
12 Jan 2024 — A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2023-41575
https://notcve.org/view.php?id=CVE-2023-41575
08 Sep 2023 — Multiple stored cross-site scripting (XSS) vulnerabilities in /bbdms/sign-up.php of Blood Bank & Donor Management v2.2 allow attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name, Message, or Address parameters. Múltiples vulnerabilidades de Cross-Site Scripting (XSS) Almacenado en /bbdms/sign-up.php de Blood Bank & Donor Management v2.2 permiten a los atacantes ejecutar scripts web arbitrarios o HTML a través de un payload manipulado inyectado en los parám... • https://github.com/soundarkutty/Stored-xss • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 2%CPEs: 1EXPL: 2CVE-2022-38813
https://notcve.org/view.php?id=CVE-2022-38813
25 Nov 2022 — PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. PHPGurukul Blood Donor Management System 1.0 no restringe adecuadamente el acceso a admin/dashboard.php, lo que permite a los atacantes acceder a todos los datos de los usuarios, eliminarlos, agregar y administrar grupos sanguíneos y enviar informes. • https://github.com/RashidKhanPathan/CVE-2022-38813 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.8EPSS: 1%CPEs: 1EXPL: 2CVE-2022-40470
https://notcve.org/view.php?id=CVE-2022-40470
21 Nov 2022 — Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. Phpgurukul Blood Donor Management System 1.0 permite Cross Site Scripting mediante la función Agregar nombre de grupo sanguíneo. • https://github.com/RashidKhanPathan/CVE-2022-40470 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •