Blood Bank Management System Privilege Escalation Vulnerability

Vulnerability

A vulnerability in Blood Bank Management System version 1.0 allows authenticated attackers to escalate privileges and perform unauthorized actions. This is achieved by sending crafted requests to the 'delete.php' file, exploiting inadequate access controls.

Impact

Exploitation of this vulnerability enables authenticated users to manipulate records and perform actions with elevated privileges, potentially leading to unauthorized data changes and access to sensitive information.

Reproduction

To reproduce this vulnerability, log into the application as a user with lower privileges. Then, access the 'bloodinfo.php' page and copy the link to a record. Switch the session to a user with higher privileges, such as a hospital role, and modify the request to delete the record. The action will be successfully completed, demonstrating the privilege escalation.
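
One way to close the gap described above is to have 'delete.php' decide, from server-side session state, whether the caller may delete the requested record. The following is an added example, not code from Blood Bank Management System; the table and column names, the session keys and the 'low_priv_role' role name are hypothetical, and the demo assumes PHP with the pdo_sqlite extension.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical schema records(id, owner_id), hypothetical
// session keys 'user_id' and 'role'. Not the application's real code.

/**
 * Delete a record only when the session's role is allowed to delete
 * and the record belongs to the account held in the session.
 */
function delete_record(PDO $db, array $session, int $recordId): bool
{
    // Role and identity come from the server-side session, never from
    // request parameters or from the link the client presents.
    if (!isset($session['user_id']) || ($session['role'] ?? '') !== 'hospital') {
        return false;
    }

    // Ownership is enforced inside the statement itself, so a copied or
    // altered record id that belongs to another account matches zero rows.
    $stmt = $db->prepare(
        'DELETE FROM records WHERE id = :id AND owner_id = :owner'
    );
    $stmt->execute([':id' => $recordId, ':owner' => $session['user_id']]);

    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE records (id INTEGER PRIMARY KEY, owner_id INTEGER NOT NULL)');
$db->exec('INSERT INTO records (id, owner_id) VALUES (1, 10), (2, 20)');

// Constructed sessions: one hospital account and one lower-privileged account.
$hospital = ['user_id' => 10, 'role' => 'hospital'];
$lowPriv  = ['user_id' => 30, 'role' => 'low_priv_role'];

$cases = [
    'low-privileged session, record 1'       => [$lowPriv, 1],
    'hospital session, other owner record 2' => [$hospital, 2],
    'hospital session, own record 1'         => [$hospital, 1],
];
foreach ($cases as $label => [$session, $id]) {
    printf("%s: %s\n", $label, delete_record($db, $session, $id) ? 'deleted' : 'refused');
}
printf("rows left: %d\n", (int) $db->query('SELECT COUNT(*) FROM records')->fetchColumn());
```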

Added: Dec 1, 2025, 3:25 PM
Updated: Dec 1, 2025, 3:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.3
impact: 5.0
exploitability: 6.2
remediation: 0.0
relevance: 1.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.