Blood Bank & Donor Management 5.6 SQL Injection Vulnerability (CVE-2024-0459)

Critical Vulnerability Information Vulnerability Name: Blood Bank & Donor Management 5.6 Request-received-bydonar.php SQL Injection Vulnerability ID: - VDB-250564 - CVE-2024-0459 - GCVE-100-250564 Summary: - A vulnerability classified as "Critical" exists in Blood Bank & Donor Management version 5.6. - The vulnerability affects an unknown function in the file . - Exploitation may lead to SQL injection. - The attack can be initiated remotely, and a proof-of-concept exploit is available. Details: - The vulnerability affects Blood Bank & Donor Management 5.6 (banking software) and is categorized as Critical. - It impacts an unknown processing routine within the file . - SQL commands are constructed using external input from upstream components, either partially or fully, without properly neutralizing special elements that could alter the intended SQL command, resulting in an SQL injection vulnerability. - The CWE defines this vulnerability as CWE-89. - Impacts confidentiality, integrity, and availability. Related Technical Information: - The vulnerability was shared on January 12, 2024, with technical details and public exploit code known. - MITRE ATT&CK labels the attack technique as T1505. - The exploit can be downloaded from drive.google.com and is declared as a proof-of-concept. - Vulnerable targets can be found via Google Hacking: Mitigation: - No known countermeasures are available. - It is recommended to replace the affected component with an alternative product.

Goal Reached Thanks to every supporter — we hit 100%!

Blood Bank & Donor Management 5.6 SQL Injection Vulnerability (CVE-2024-0459)