CVE-2025-11481 MEDIUM

CVE-2025-11481: varunsardana004 Blood-Bank-And-Donation-Management-System donate_blood.php SQL injection

Vendor Varunsardana004
Product Blood-Bank-And-Donation-Management-System
Weakness CWE-89 · SQLi
Published October 8, 2025
Last update October 8, 2025

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A flaw has been found in varunsardana004 Blood-Bank-And-Donation-Management-System up to commit dc9e0393d826fbc85fad9755b5bc12cba1919df2. The affected element is an unknown function of the file /donate_blood.php. Manipulating the argument fullname can lead to SQL injection. The attack can be performed remotely. The exploit has been published and may be used. This product uses a rolling release system for continuous delivery, so version information for affected or updated releases is not disclosed.

Key dates

02 Disclosure timeline

October 8, 2025 CVE published
October 8, 2025 Record updated