VDB-303149 · CVE-2025-3195 · GCVE-100-303149

itsourcecode Online Blood Bank Management System 1.0 /bbms.php Sesha SQL Injection

Kubonakale ubuthakathaka obubizwa ngokuthi kubalulekile kakhulu ku itsourcecode Online Blood Bank Management System 1.0. Kuthintekile umsebenzi ongaziwayo kufayela /bbms.php. Ukuphathwa kwepharamitha Sesha kuholela ku SQL Injection. Ukusebenzisa i-CWE ukusho inkinga kuholela ku-CWE-89. Kuboniswe ubuthakathaka lolu 2025-04-03. Isaziso singalayishwa ku-github.com. Le buthakathaka itholakala njenge CVE-2025-3195. Ukuhlasela kungaqalwa kude. Imininingwane yezobuchwepheshe iyatholakala. Ngaphezu kwalokho, i-exploit ikhona. Ukuhlaselwa sekudalulwe ebantwini futhi kungasetshenziswa. Njengamanje, intengo yamanje ye-exploit ingahle ibe cishe USD $0-$5k okwamanje. Ungakwazi ukulanda i-exploit ku-github.com. If you want to get the best quality for vulnerability data then you always have to consider VulDB.

3 Ukulungiswa · 87 Amaphuzu wedatha

Insimu	Kudalwa 2025-04-03 12:55	Ukuvuselelwa 1/2 2025-04-04 12:11	Ukuvuselelwa 2/2 2025-04-04 14:13
software_vendor	itsourcecode	itsourcecode	itsourcecode
software_name	Online Blood Bank Management System	Online Blood Bank Management System	Online Blood Bank Management System
software_version	1.0	1.0	1.0
software_file	/bbms.php	/bbms.php	/bbms.php
software_argument	search	search	search
vulnerability_cwe	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)	CWE-89 (SQL Injection)
vulnerability_risk	2	2	2
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	N	N	N
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	L	L	L
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	L	L	L
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/p1026/CVE/issues/21	https://github.com/p1026/CVE/issues/21	https://github.com/p1026/CVE/issues/21
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/p1026/CVE/issues/21	https://github.com/p1026/CVE/issues/21	https://github.com/p1026/CVE/issues/21
source_cve	CVE-2025-3195	CVE-2025-3195	CVE-2025-3195
cna_responsible	VulDB	VulDB	VulDB
software_type	Banking Software	Banking Software	Banking Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	P	P	P
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	P	P	P
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_ui	N	N	N
cvss4_vuldb_vc	L	L	L
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	L	L	L
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	7.5	7.5	7.5
cvss2_vuldb_tempscore	6.4	6.4	6.4
cvss3_vuldb_basescore	7.3	7.3	7.3
cvss3_vuldb_tempscore	6.6	6.6	6.6
cvss3_meta_basescore	7.3	7.3	7.3
cvss3_meta_tempscore	6.6	6.9	6.9
cvss4_vuldb_bscore	6.9	6.9	6.9
cvss4_vuldb_btscore	5.5	5.5	5.5
advisory_date	1743631200 (2025-04-03)	1743631200 (2025-04-03)	1743631200 (2025-04-03)
price_0day	$0-$5k	$0-$5k	$0-$5k
cve_nvd_summary		A vulnerability, which was classified as critical, has been found in itsourcecode Online Blood Bank Management System 1.0. This issue affects some unknown processing of the file /bbms.php. The manipulation of the argument Search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.	A vulnerability, which was classified as critical, has been found in itsourcecode Online Blood Bank Management System 1.0. This issue affects some unknown processing of the file /bbms.php. The manipulation of the argument Search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
cvss4_cna_av		N	N
cvss4_cna_ac		L	L
cvss4_cna_at		N	N
cvss4_cna_pr		N	N
cvss4_cna_ui		N	N
cvss4_cna_vc		L	L
cvss4_cna_vi		L	L
cvss4_cna_va		L	L
cvss4_cna_sc		N	N
cvss4_cna_si		N	N
cvss4_cna_sa		N	N
cvss4_cna_bscore		6.9	6.9
cvss3_cna_av		N	N
cvss3_cna_ac		L	L
cvss3_cna_pr		N	N
cvss3_cna_ui		N	N
cvss3_cna_s		U	U
cvss3_cna_c		L	L
cvss3_cna_i		L	L
cvss3_cna_a		L	L
cvss3_cna_basescore		7.3	7.3
cvss2_cna_av		N	N
cvss2_cna_ac		L	L
cvss2_cna_au		N	N
cvss2_cna_ci		P	P
cvss2_cna_ii		P	P
cvss2_cna_ai		P	P
cvss2_cna_basescore		7.5	7.5
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad clasificada como crítica en itsourcecode Online Blood Bank Management System 1.0. Este problema afecta a un procesamiento desconocido del archivo /bbms.php. La manipulación del argumento "Buscar" provoca una inyección SQL. El ataque podría iniciarse remotamente. Se ha hecho público el exploit y puede que sea utilizado.

◂ Buyela emuva Uhlolo Oluphelele Qhubeka ▸

Do you need the next level of professionalism?

Upgrade your account now!