Vulnerability Details CVE-2022-38813
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.028
EPSS Ranking 85.5%
CVSS Severity
CVSS v3 Score 8.1
References
- https://drive.google.com/file/d/1iMswKzoUvindXUGh1cuAmi-0R84tLDaH/view?usp=sharing
- https://github.com/RashidKhanPathan/CVE-2022-38813
- https://ihexcoder.wixsite.com/secresearch/post/cve-2022-38813-privilege-escalations-in-blood-donor-management-system-v1-0
- https://phpgurukul.com/blood-donor-management-system-using-codeigniter
- https://drive.google.com/file/d/1iMswKzoUvindXUGh1cuAmi-0R84tLDaH/view?usp=sharing
- https://github.com/RashidKhanPathan/CVE-2022-38813
- https://ihexcoder.wixsite.com/secresearch/post/cve-2022-38813-privilege-escalations-in-blood-donor-management-system-v1-0
- https://phpgurukul.com/blood-donor-management-system-using-codeigniter
Products affected by CVE-2022-38813
-
Phpgurukul Blood Donor Management System Project » Phpgurukul Blood Donor Management System » Version: 1.0cpe:2.3:a:phpgurukul_blood_donor_management_system_project:phpgurukul_blood_donor_management_system:1.0