CVE-2025-63532

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The application fails to properly sanitize user-supplied input in SQL queries, allowing an attacker to inject arbitrary SQL code. By manipulating the search field, an attacker can bypass authentication and gain unauthorized access to the system.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.6 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
mitreCNA
9.6 CRITICAL
NETWORK
LOW
LOW
CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:L/S:C/UI:N
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 22%
VendorProductVersion
shridharshuklblood_bank_management_system
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing
https://github.com/Shridharshukl/Blood-Bank-Management-System
https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63532.md