Description
A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the request_blood.php component of the BloodBank Managing System. It permits an attacker to upload files without any restriction on file type or size, enabling the placement of potentially executable content on the server. The upload function can be invoked remotely, and the exploit has already been published online, implying a realistic threat of executing arbitrary code or planting malicious web content.

Affected Systems

The affected product is code‑projects BloodBank Managing System, version 1.0. No other versions or products are listed as impacted.

Risk and Exploitability

The CVSS score of 5.3 places the issue in the medium severity band. The EPSS score is not available, and the vulnerability is not yet listed in the CISA KEV catalog. Because the flaw allows unrestricted upload from remote users, the attack vector is inferred to be remote exploitation, with a moderate likelihood of successful compromise if no patch is applied.

Generated by OpenCVE AI on May 4, 2026 at 06:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s official patch or upgrade to a later version of BloodBank Managing System that limits uploaded file types and sizes.
  • If no patch is available, configure the upload handler to accept only safe file types, validate MIME types server‑side, and store uploaded files outside of the web root to prevent execution.
  • Deploy a web application firewall or server‐level rule to block uploads of scripts or executable files and monitor the upload directory for anomalous activity.

Generated by OpenCVE AI on May 4, 2026 at 06:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 04 May 2026 05:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used.
Title code-projects BloodBank Managing System request_blood.php unrestricted upload
Weaknesses CWE-284
CWE-434
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-04T04:30:13.786Z

Reserved: 2026-05-03T16:08:26.310Z

Link: CVE-2026-7732

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-04T06:16:01.857

Modified: 2026-05-04T06:16:01.857

Link: CVE-2026-7732

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T06:30:38Z

Weaknesses