CVE-2025-3306 MEDIUM

CVE-2025-3306: code-projects Blood Bank Management System don.php sql injection

Vendor Code-Projects

Product Blood Bank Management System

Weakness CWE-89 · SQLi

Published April 6, 2025

Last update April 7, 2025

View on NVD All CVEs

CVSS base score

6.9/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in code-projects Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /don.php. The manipulation of the argument fullname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

Key dates

02Disclosure timeline

April 6, 2025 CVE published

April 7, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2025-3306

Related vulnerabilities

04Related CVE

CVE-2026-2495 WPNakama <= 0.6.5 - Unauthenticated SQL Injection via 'order' REST API Parameter CVE-2025-4266 PHPGurukul Notice Board System bwdates-reports-details.php sql injection CVE-2025-13724 VikRentCar Car Rental Management System <= 1.4.4 - Authenticated (Author+) SQL Injection via 'month' Parameter CVE-2019-12682 Cisco Firepower Management Center SQL Injection Vulnerabilities CVE-2026-48237 Open ISES Tickets < 3.44.2 SQL Injection via message.php frm_ticket_id and frm_resp_id Parameters