Code-Projects Blood Bank Management System Directory Listing Vulnerability

Vulnerability

A critical directory listing vulnerability has been identified in Code-Projects Blood Bank Management System version 1.0. The issue arises from an unknown processing flaw affecting the '/upload/' path, which allows unauthorized access to sensitive information through directory listings. The vulnerability can be exploited remotely and exposes uploaded patient images, including medical records and photos, without requiring authentication or authorization.

Impact

Exploitation of this vulnerability leads to unauthorized access to sensitive files, such as medical images and records, stored in the application's upload directory.

Reproduction

To reproduce this vulnerability, log into the application as a low-privileged user. Navigate to the 'Request for blood' section, upload a patient image, and then access the '/blood bank2/upload/' directory. All uploaded files will be accessible without authentication.
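For operators verifying their own deployment, the following added example (not part of the original advisory or the project's code) classifies the response an unauthenticated request to the upload directory returns. It assumes Apache/nginx-style auto-index markup, which the advisory does not specify; the function names and the sample page are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Title/heading text emitted by Apache mod_autoindex and nginx autoindex (assumed servers).
LISTING_MARKER = re.compile(r"<(title|h1)>\s*Index of /", re.I)

# Constructed sample of an auto-generated listing page (not captured from a real host).
SAMPLE_LISTING = """<html><head><title>Index of /app/upload</title></head><body>
<h1>Index of /app/upload</h1><table>
<tr><th><a href="?C=N;O=D">Name</a></th></tr>
<tr><td><a href="/app/">Parent Directory</a></td></tr>
<tr><td><a href="patient_scan.jpg">patient_scan.jpg</a></td></tr>
<tr><td><a href="report.png">report.png</a></td></tr>
</table></body></html>"""


class _Links(HTMLParser):
    """Collect href targets from anchor tags."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def listed_files(body):
    """Return file names exposed by an auto-index page, or [] if it is not one."""
    if not LISTING_MARKER.search(body):
        return []
    parser = _Links()
    parser.feed(body)
    # Drop column-sort links, parent-directory links and sub-directories.
    return [h for h in parser.hrefs
            if not h.startswith(("?", "/", "..")) and not h.endswith("/")]


def audit(status, body):
    """Classify an unauthenticated response for the upload directory."""
    if status in (401, 403, 404):
        return "blocked"          # listing is not served to anonymous clients
    if status == 200 and listed_files(body):
        return "exposed"          # file names are enumerable without a session
    if status == 200 and LISTING_MARKER.search(body):
        return "listing-enabled"  # indexing is on, directory currently empty
    return "no-listing"
```

A deployment passes this check only when the unauthenticated request yields `blocked` or `no-listing`; `listing-enabled` means indexing is still on and files will be enumerable as soon as one is uploaded.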

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.