VDB-282008 · CVE-2024-10448 · GCVE-100-282008

code-projects Blood Bank Management System 1.0 /file/delete.php bid Falsifikovanje zahteva za unakrsni sajt

Identifikovana je ranjivost klasifikovana kao Problematiиno u code-projects Blood Bank Management System 1.0. Obuhvaćeno je nepoznata funkcija u fajlu /file/delete.php. Promena parametra bid uzrokuje Falsifikovanje zahteva za unakrsni sajt. Korišćenje CWE za deklarisanje problema vodi do CWE-352. Objava slabosti je izvršena 10/28/2024. Obaveštenje je dostupno za preuzimanje na github.com. Ova ranjivost je označena kao CVE-2024-10448. Moguće je pokrenuti napad na daljinu. Napad mora biti izveden unutar lokalne mreže. Tehnički detalji su dostupni. Штавише, експлоит је доступан. Eksploatacija je otkrivena javnosti i može biti iskorišćena. U ovom trenutku, trenutna cena za eksploataciju može iznositi oko USD $0-$5k. Označeno je kao dokaz-of-koncept. Eksploat je dostupan za preuzimanje na github.com. Kao 0-day, procenjena cena na crnom tržištu bila je oko $0-$5k. If you want to get best quality of vulnerability data, you may have to visit VulDB.

3 Promene · 101 Tačke podataka

Polje	Kreirali 10/28/2024 07:22	Ažurira 1/2 03/02/2025 22:56	Ažurira 2/2 10/23/2025 23:13
cvss4_vuldb_ac	L	L	L
cvss4_vuldb_pr	N	N	N
cvss4_vuldb_vc	N	N	N
cvss4_vuldb_vi	L	L	L
cvss4_vuldb_va	N	N	N
cvss4_vuldb_e	P	P	P
cvss2_vuldb_rl	ND	ND	ND
cvss3_vuldb_rl	X	X	X
cvss4_vuldb_at	N	N	N
cvss4_vuldb_ui	N	P	P
cvss4_vuldb_sc	N	N	N
cvss4_vuldb_si	N	N	N
cvss4_vuldb_sa	N	N	N
cvss2_vuldb_basescore	5.0	5.0	5.0
cvss2_vuldb_tempscore	4.3	4.3	4.3
cvss3_vuldb_basescore	4.3	4.3	4.3
cvss3_vuldb_tempscore	3.9	3.9	3.9
cvss3_meta_basescore	4.3	4.3	5.0
cvss3_meta_tempscore	3.9	3.9	4.9
cvss4_vuldb_bscore	6.9	5.3	5.3
cvss4_vuldb_btscore	5.5	2.1	2.1
advisory_date	1730070000 (10/28/2024)	1730070000 (10/28/2024)	1730070000 (10/28/2024)
price_0day	$0-$5k	$0-$5k	$0-$5k
software_vendor	code-projects	code-projects	code-projects
software_name	Blood Bank Management System	Blood Bank Management System	Blood Bank Management System
software_version	1.0	1.0	1.0
software_file	/file/delete.php	/file/delete.php	/file/delete.php
software_argument	bid	bid	bid
vulnerability_cwe	CWE-352 (Falsifikovanje zahteva za unakrsni sajt)	CWE-352 (Falsifikovanje zahteva za unakrsni sajt)	CWE-352 (Falsifikovanje zahteva za unakrsni sajt)
vulnerability_risk	1	1	1
cvss3_vuldb_av	N	N	N
cvss3_vuldb_ac	L	L	L
cvss3_vuldb_pr	N	N	N
cvss3_vuldb_ui	R	R	R
cvss3_vuldb_s	U	U	U
cvss3_vuldb_c	N	N	N
cvss3_vuldb_i	L	L	L
cvss3_vuldb_a	N	N	N
cvss3_vuldb_e	P	P	P
cvss3_vuldb_rc	R	R	R
advisory_url	https://github.com/bevennyamande/bloodbank_delete_csrf_attack	https://github.com/bevennyamande/bloodbank_delete_csrf_attack	https://github.com/bevennyamande/bloodbank_delete_csrf_attack
exploit_availability	1	1	1
exploit_publicity	1	1	1
exploit_url	https://github.com/bevennyamande/bloodbank_delete_csrf_attack	https://github.com/bevennyamande/bloodbank_delete_csrf_attack	https://github.com/bevennyamande/bloodbank_delete_csrf_attack
source_cve	CVE-2024-10448	CVE-2024-10448	CVE-2024-10448
cna_responsible	VulDB	VulDB	VulDB
decision_summary	Other endpoints might be affected as well.	Other endpoints might be affected as well.	Other endpoints might be affected as well.
software_type	Banking Software	Banking Software	Banking Software
cvss2_vuldb_av	N	N	N
cvss2_vuldb_ac	L	L	L
cvss2_vuldb_au	N	N	N
cvss2_vuldb_ci	N	N	N
cvss2_vuldb_ii	P	P	P
cvss2_vuldb_ai	N	N	N
cvss2_vuldb_e	POC	POC	POC
cvss2_vuldb_rc	UR	UR	UR
cvss4_vuldb_av	N	N	N
cvss2_cna_au			N
cvss2_cna_ci			N
cvss2_cna_ii			P
cvss2_cna_ai			N
cvss2_cna_basescore			5
cve_nvd_summary			A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well.
cve_nvd_summaryes			Se ha encontrado una vulnerabilidad clasificada como problemática en code-projects Blood Bank Management System 1.0. Este problema afecta a algunas funciones desconocidas del archivo /file/delete.php. La manipulación del argumento bid conduce a cross-site request forgery. El ataque puede ejecutarse de forma remota. El exploit se ha hecho público y puede utilizarse. También pueden verse afectados otros endpoints.
cvss4_cna_av			N
cvss4_cna_ac			L
cvss4_cna_at			N
cvss4_cna_pr			N
cvss4_cna_ui			N
cvss4_cna_vc			N
cvss4_cna_vi			L
cvss4_cna_va			N
cvss4_cna_sc			N
cvss4_cna_si			N
cvss4_cna_sa			N
cvss4_cna_bscore			6.9
cvss3_cna_av			N
cvss3_cna_ac			L
cvss3_cna_pr			N
cvss3_cna_ui			R
cvss3_cna_s			U
cvss3_cna_c			N
cvss3_cna_i			L
cvss3_cna_a			N
cvss3_cna_basescore			4.3
cvss3_nvd_av			N
cvss3_nvd_ac			L
cvss3_nvd_pr			N
cvss3_nvd_ui			R
cvss3_nvd_s			U
cvss3_nvd_c			N
cvss3_nvd_i			H
cvss3_nvd_a			N
cvss3_nvd_basescore			6.5
cvss2_cna_av			N
cvss2_cna_ac			L

◂ Prethodne Pregled Sledeжi ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!