CVE-2025-11481

Unknown Unknown - Not Provided

BaseFortify

Publication date: 2025-10-08

Last updated on: 2026-04-29

Assigner: VulDB

Description

A flaw has been found in varunsardana004 Blood-Bank-And-Donation-Management-System up to dc9e0393d826fbc85fad9755b5bc12cba1919df2. The impacted element is an unknown function of the file /donate_blood.php. Executing manipulation of the argument fullname can lead to sql injection. The attack may be performed from remote. The exploit has been published and may be used. This product utilizes a rolling release system for continuous delivery, and as such, version information for affected or updated releases is not disclosed.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published

2025-10-08

Last Modified

2026-04-29

Generated

2026-05-07

AI Q&A

2025-10-08

EPSS Evaluated

2026-05-05

NVD

CVE-2025-11481

EUVD

EUVD-2025-33299

Affected Vendors & Products

Vendor	Product	Version / Range
varunsardana004	blood_bank_and_donation_management_system	to 2021-03-18 (inc)

Helpful Resources

Exploitability

CWE

KEV

CWE ID	Description
CWE-74	The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.
CWE-89	The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

CWE ID

Description

CWE-74

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

CWE-89

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Attack-Flow Graph

AI Powered Q&A

Can you explain this vulnerability to me?

This vulnerability is a SQL injection flaw in the Blood-Bank-And-Donation-Management-System, specifically in the /donate_blood.php file. Manipulating the 'fullname' argument can allow an attacker to execute unauthorized SQL commands remotely, potentially compromising the database.

How can this vulnerability impact me? :

The vulnerability can allow attackers to perform SQL injection attacks remotely, which may lead to unauthorized access, data leakage, data modification, or disruption of the Blood-Bank-And-Donation-Management-System's database and services.

Ask Our AI Assistant

Need more information? Ask your question to get an AI reply (Powered by our expertise)

0/70

CVE-2025-11481

BaseFortify

Description

CVSS Scores

EPSS Scores

Meta Information

Affected Vendors & Products

Helpful Resources

Exploitability

Attack-Flow Graph

AI Powered Q&A

Ask Our AI Assistant

EPSS Chart