CVE-2025-63529

Medium CVSS: 6.1

A session fixation vulnerability exists in Blood Bank Management System 1.0 in login.php that allows an attacker to set or predict a user's session identifier prior to authentication. When the victim logs in, the application continues to use the attacker-supplied session ID rather than generating a new one, enabling the attacker to hijack the authenticated session and gain unauthorized access to the victim's account.

Vendor

Shridharshukl

Product

Blood Bank Management System

CWE

CWE-384

Yayın Tarihi

2025-12-01 15:15:51

Güncelleme

2025-12-02 03:04:27

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-384 Blood Bank Management System MEDIUM Shridharshukl 2025

Referanslar

https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing https://github.com/Shridharshukl/Blood-Bank-Management-System https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63529.md

Benzer Kayıtlar

High

CVE-2025-63534

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the login.php component…

Critical

CVE-2025-63535

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the abs.php component. The applicati…

Critical

CVE-2025-63532

A SQL injection vulnerability exists in the Blood Bank Management System 1.0 within the cancel.php component. The applic…

High

CVE-2025-63533

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System 1.0 within the updateprofile.php a…

Critical

CVE-2025-63525

An issue was discovered in Blood Bank Management System 1.0 allowing authenticated attackers to perform actions with esc…

High

CVE-2025-63526

A cross-site scripting (XSS) vulnerability exists in the Blood Bank Management System within the abs.php component. The…