CVE-2025-63532
Published
CVSS v3
9.6
CRITICAL
CVSS v2
N/A
Affected
2
PROJECTS
Description
A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system.
A full-stack Blood Bank Management System built with PHP, MySQL, and Docker. Enables hospitals and donors to manage blood requests, donations, and inventory seamlessly through a modern web interface
GitHubGitHub