CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-12941 – CodeAstro Blood Donor Management System deletedannounce.php sql injection
https://notcve.org/view.php?id=CVE-2024-12941
26 Dec 2024 — A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/deletedannounce.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://codeastro.com • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1CVE-2024-0476 – Blood Bank & Donor Management request-received-bydonar.php cross site scripting
https://notcve.org/view.php?id=CVE-2024-0476
13 Jan 2024 — A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.5EPSS: 3%CPEs: 1EXPL: 2CVE-2022-38813
https://notcve.org/view.php?id=CVE-2022-38813
25 Nov 2022 — PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report. PHPGurukul Blood Donor Management System 1.0 no restringe adecuadamente el acceso a admin/dashboard.php, lo que permite a los atacantes acceder a todos los datos de los usuarios, eliminarlos, agregar y administrar grupos sanguíneos y enviar informes. • https://github.com/RashidKhanPathan/CVE-2022-38813 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 4.8EPSS: 1%CPEs: 1EXPL: 2CVE-2022-40470
https://notcve.org/view.php?id=CVE-2022-40470
21 Nov 2022 — Phpgurukul Blood Donor Management System 1.0 allows Cross Site Scripting via Add Blood Group Name Feature. Phpgurukul Blood Donor Management System 1.0 permite Cross Site Scripting mediante la función Agregar nombre de grupo sanguíneo. • https://github.com/RashidKhanPathan/CVE-2022-40470 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •