Blood Bank Management System SQL Injection Vulnerability

A critical SQL injection vulnerability has been identified in the Blood Bank Management System version 1.0. The issue arises in the file '/admin/delete_bloodGroup.php', where the 'blood_id' parameter can be manipulated to inject malicious SQL queries. This vulnerability can be exploited remotely, potentially compromising the application's database and the data it holds.

Impact

Exploitation of this vulnerability allows for SQL injection, where an attacker can inject and execute malicious SQL queries. This could lead to unauthorized data access, data manipulation, or in some cases, executing administrative operations on the database.

Reproduction

To reproduce this vulnerability, log into the application with admin privileges. Navigate to the '/admin/delete_bloodGroup.php' page and append a SQL injection payload to the 'blood_id' parameter. The application will respond with an SQL error, indicating that the injection was successful. After confirming the vulnerability, it can be exploited using SQLMap or a similar tool.