Description
A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used.
Published: 2026-05-04
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability resides in the request_blood.php component of the BloodBank Managing System. It permits an attacker to upload files without any restriction on file type or size, enabling the placement of potentially executable content on the server. The upload function can be invoked remotely, and the exploit has already been published online, implying a realistic threat of executing arbitrary code or planting malicious web content.

Affected Systems

The affected product is code‑projects BloodBank Managing System, version 1.0. No other versions or products are listed as impacted.

Risk and Exploitability

The CVSS score of 5.3 places the issue in the medium severity band. The EPSS score is not available, and the vulnerability is not yet listed in the CISA KEV catalog. Because the flaw allows unrestricted upload from remote users, the attack vector is inferred to be remote exploitation, with a moderate likelihood of successful compromise if no patch is applied.

Generated by OpenCVE AI on May 4, 2026 at 06:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor’s official patch or upgrade to a later version of BloodBank Managing System that limits uploaded file types and sizes.
  • If no patch is available, configure the upload handler to accept only safe file types, validate MIME types server‑side, and store uploaded files outside of the web root to prevent execution.
  • Deploy a web application firewall or server‐level rule to block uploads of scripts or executable files and monitor the upload directory for anomalous activity.

Generated by OpenCVE AI on May 4, 2026 at 06:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 05 May 2026 19:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 04 May 2026 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Code-projects
Code-projects blood Bank Management System
Vendors & Products Code-projects
Code-projects blood Bank Management System

Mon, 04 May 2026 05:30:00 +0000

Type Values Removed Values Added
Description A vulnerability was detected in code-projects BloodBank Managing System 1.0. The impacted element is an unknown function of the file request_blood.php. The manipulation results in unrestricted upload. The attack can be executed remotely. The exploit is now public and may be used.
Title code-projects BloodBank Managing System request_blood.php unrestricted upload
Weaknesses CWE-284
CWE-434
References
Metrics cvssV2_0

{'score': 6.5, 'vector': 'AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR'}

cvssV3_0

{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV3_1

{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R'}

cvssV4_0

{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P'}

Subscriptions

Code-projects Blood Bank Management System
cve-icon MITRE

Status: PUBLISHED

Assigner: VulDB

Published:

Updated: 2026-05-05T19:07:33.662Z

Reserved: 2026-05-03T16:08:26.310Z

Link: CVE-2026-7732

cve-icon Vulnrichment

Updated: 2026-05-05T18:54:38.309Z

cve-icon NVD

Status : Deferred

Published: 2026-05-04T06:16:01.857

Modified: 2026-05-05T20:16:41.097

Link: CVE-2026-7732

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-04T19:15:06Z

Weaknesses