CVE-2024-10448 MEDIUM

CVE-2024-10448: code-projects Blood Bank Management System delete.php cross-site request forgery

Vendor Code-Projects

Product Blood Bank Management System

Weakness CWE-352 · CSRF

Published October 28, 2024

Last update October 28, 2024

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /file/delete.php. The manipulation of the argument bid leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well.

Key dates

02Disclosure timeline

October 28, 2024 CVE published

October 28, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-10448 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/352.html

Related vulnerabilities

04Related CVE

CVE-2024-34817 WordPress Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability CVE-2026-1673 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net <= 1.1.5 - Cross-Site Request Forgery to Taxonomy Term Deletion CVE-2025-26963 WordPress ClickWhale plugin <= 2.4.3 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability CVE-2024-13774 Wishlist for WooCommerce: Multi Wishlists Per Customer <= 3.1.7 - Cross-Site Request Forgery to Cross-Site Scriping via Wishlist Name CVE-2022-46813 WordPress Advanced Database Cleaner Plugin <= 3.1.1 is vulnerable to Cross Site Request Forgery (CSRF)