Vulnerabilities > CVE-2022-38813 - Exposure of Resource to Wrong Sphere vulnerability in PHPgurukul Blood Donor Management System Project PHPgurukul Blood Donor Management System 1.0
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to admin/dashboard.php, which allows attackers to access all data of users, delete the users, add and manage Blood Group, and Submit Report.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
References
- https://drive.google.com/file/d/1iMswKzoUvindXUGh1cuAmi-0R84tLDaH/view?usp=sharing
- https://ihexcoder.wixsite.com/secresearch/post/cve-2022-38813-privilege-escalations-in-blood-donor-management-system-v1-0
- https://github.com/RashidKhanPathan/CVE-2022-38813
- https://phpgurukul.com/blood-donor-management-system-using-codeigniter