VDB-282008 · CVE-2024-10448 · GCVE-100-282008

code-projects Blood Bank Management System 1.0 /file/delete.php bid Kari ndiyam site laa request forgery

Hakika vulnerability da aka rarraba a matsayin karshewa an gano a code-projects Blood Bank Management System 1.0. Tabbas, aikin $software_function ne ke da matsala; idan ba a bayyana ba, to aiki ce da ba a sani ba, a cikin laburare $software_library, a cikin fayil /file/delete.php, a cikin sashi $software_component. Wuro manipulation of the argument bid ga Kari ndiyam site laa request forgery. Amfani da CWE wajen bayyana matsala yana kaiwa CWE-352. Lalle, rauni an sanar da shi 10/28/2024. Ana samun bayanin tsaro don saukewa a github.com. Ana kiran wannan rauni da CVE-2024-10448. Ngam yiɗi ka a tuma ndiyam ka internet. Bayani na fasaha ga. Kuma, akwai exploit. Exploit ɗin an bayyana wa jama'a, za a iya amfani da shi. Yimbe ndiyam, exploit might be approx. USD $0-$5k wuro. Á yí huɗɗi-na-gaskiya. Za a iya samun exploit a github.com. 0-day ga, an ndiyam a wuro be $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Goyarwa · 101 Datenpunkte

Furɗe	Súgá 10/28/2024 07:22	Gargadi 1/2 03/02/2025 22:56	Gargadi 2/2 10/23/2025 23:13
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_vc	N	N	N
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	N	N	N
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_ui	N	P	P
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.3	4.3	4.3
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9
cvss3_meta_basescore	4.3	4.3	5.0
cvss3_meta_tempscore	3.9	3.9	4.9
cvss4_vuldb_bscore	6.9	5.3	5.3
cvss4_vuldb_btscore	5.5	2.1	2.1
advisory_date	1730070000 (10/28/2024)	1730070000 (10/28/2024)	1730070000 (10/28/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
software_vendor	code-projects	code-projects	code-projects
software_name	Blood Bank Management System	Blood Bank Management System	Blood Bank Management System
software_version	1.0	1.0	1.0
software_file	/file/delete.php	/file/delete.php	/file/delete.php
software_argument	bid	bid	bid
vulnerability_cwe	CWE-352 (Kari ndiyam site laa request forgery)	CWE-352 (Kari ndiyam site laa request forgery)	CWE-352 (Kari ndiyam site laa request forgery)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/bevennyamande/bloodbank_delete_csrf_attack	https://github.com/bevennyamande/bloodbank_delete_csrf_attack	https://github.com/bevennyamande/bloodbank_delete_csrf_attack
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/bevennyamande/bloodbank_delete_csrf_attack	https://github.com/bevennyamande/bloodbank_delete_csrf_attack	https://github.com/bevennyamande/bloodbank_delete_csrf_attack
source_cve	CVE-2024-10448	CVE-2024-10448	CVE-2024-10448
cna_responsible	VulDB	VulDB	VulDB
decision_summary	Other endpoints might be affected as well.	Other endpoints might be affected as well.	Other endpoints might be affected as well.
software_type	Banking Software	Banking Software	Banking Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss2_cna_au			N
cvss2_cna_ci			N
cvss2_cna_ii			P
cvss2_cna_ai			N
cvss2_cna_basescore			5
cve_nvd_summary			A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well.
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad clasificada como problemática en code-projects Blood Bank Management System 1.0. Este problema afecta a algunas funciones desconocidas del archivo /file/delete.php. La manipulación del argumento bid conduce a cross-site request forgery. El ataque puede ejecutarse de forma remota. El exploit se ha hecho público y puede utilizarse. También pueden verse afectados otros endpoints.
cvss4_cna_av			N
cvss4_cna_ac			L
cvss4_cna_at			N
cvss4_cna_pr			N
cvss4_cna_ui			N
cvss4_cna_vc			N
cvss4_cna_vi			L
cvss4_cna_va			N
cvss4_cna_sc			N
cvss4_cna_si			N
cvss4_cna_sa			N
cvss4_cna_bscore			6.9
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cvss3_cna_basescore			4.3
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			H
cvss3_nvd_a			N
cvss3_nvd_basescore			6.5
cvss2_cna_av			N
cvss2_cna_ac			L

◂ Gurɗo Gumti Gada ▸

Do you need the next level of professionalism?

Upgrade your account now!