Blood Bank Management System SQL Injection Vulnerability in cancel.php Component

Vulnerability

A SQL injection vulnerability has been identified in Blood Bank Management System version 1.0, specifically within the cancel.php component. The vulnerability arises because the application does not adequately sanitize user input in SQL queries. This flaw allows attackers to inject arbitrary SQL code, potentially bypassing authentication and gaining unauthorized access to the system.

Impact

Exploitation of this vulnerability allows attackers to perform SQL injection, with the potential to manipulate database queries, access or modify database information, and bypass authentication.

Reproduction

To reproduce this vulnerability, log into the application and navigate to the sentrequest.php page. Inject SQL code into the request ID parameter of the cancel.php component to exploit the SQL injection vulnerability. This can be done by manipulating the search field to include malicious SQL code, which can then be executed by the database.
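The following is an added example written for this advisory; it is not code from the Blood Bank Management System project. It shows the defensive pattern that closes the flaw described above: the request id that cancel.php receives is validated as a positive integer, bound through a prepared statement instead of being concatenated into the query text, and constrained to the logged-in user's own requests so the same code path also cannot be used to cancel someone else's request. The parameter name `reqid`, the table `tblbloodrequest` and its column names are assumptions, since the advisory does not name them.

```php
<?php
declare(strict_types=1);

// Added example, not project code. Assumed names: the request id arrives as
// $_GET['reqid'], and requests live in tblbloodrequest(id, user_id, status).

// Vulnerable pattern the advisory describes (shown for contrast, not for use):
// the raw parameter is spliced into the SQL text, so whatever it contains is
// parsed by the database as part of the statement.
//
//   $db->query("UPDATE tblbloodrequest SET status='Cancelled' WHERE id=" . $_GET['reqid']);

/**
 * Cancel one blood request on behalf of the logged-in user.
 *
 * @param mysqli $db            open database handle
 * @param int    $sessionUserId user id taken from the server-side session, never from the request
 * @param mixed  $rawRequestId  untrusted value from the query string
 * @return bool  true if exactly one request owned by this user was cancelled
 */
function cancel_request(mysqli $db, int $sessionUserId, $rawRequestId): bool
{
    // 1. Type validation: a request id is a positive integer. Anything else is
    //    rejected before it reaches the database layer, and the rejection is
    //    logged so repeated malformed ids show up in monitoring.
    $requestId = filter_var(
        $rawRequestId,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($requestId === false) {
        error_log(sprintf(
            'cancel.php: rejected non-integer request id from user %d',
            $sessionUserId
        ));
        return false;
    }

    // 2. Prepared statement: values are bound as typed parameters, so the SQL
    //    text is fixed and the id can never change the statement's structure.
    // 3. Ownership check inside the WHERE clause: the update only matches a row
    //    that belongs to the caller.
    $stmt = $db->prepare(
        'UPDATE tblbloodrequest SET status = ? WHERE id = ? AND user_id = ?'
    );
    if ($stmt === false) {
        error_log('cancel.php: prepare failed: ' . $db->error);
        return false;
    }
    $status = 'Cancelled';
    $stmt->bind_param('sii', $status, $requestId, $sessionUserId);
    $stmt->execute();
    $changed = ($stmt->affected_rows === 1);
    $stmt->close();
    return $changed;
}

// Usage inside cancel.php (assumed session layout):
//   session_start();
//   $ok = cancel_request($db, (int) $_SESSION['user_id'], $_GET['reqid'] ?? '');
```

With this shape the validation step is the first line of defence and the prepared statement is the second; even if a future change relaxed the integer check, the bound parameter would still be treated as data rather than SQL. The server-side session id, not a request field, decides whose request may be cancelled.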

Added: Dec 1, 2025, 4:25 PM
Updated: Dec 1, 2025, 7:24 PM

Vulnerability Rating (Custom Algorithm)

  spread          0.3
  impact          5.0
  exploitability  9.1
  remediation     0.0
  relevance       1.3
  threat          6.4
  urgency         2.9
  incentive      10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.