Hex Coder

CVE-2022-38813 Privilege Escalations in Blood Donor Management System Using CodeIgniter - 1.0

Updated: Sep 18, 2022



Exploit Title: Privilege Escalations in Blood Donor Management System Using CodeIgniter - 1.0
Date: 9 Sep 2022
Exploit Author: RashidKhan Pathan
Vendor Homepage: https://phpgurukul.com/blood-donor-management-system-using-codeigniter
Software Link: https://phpgurukul.com/blood-donor-management-system-using-codeigniter
Version: v1.0
Tested on: Windows 10, Kali Linux
CVE: CVE-2022-38813



Description:

PHPGurukul Blood Donor Management System 1.0 does not properly restrict access to the admin dashboard (admin/dashboard.php, served at /admin/dashboard). The application checks only that a session exists, not that the session belongs to an administrator, so any authenticated low-privileged user can open the administrative area and view all user data, delete users, add and manage blood groups, and submit reports.


Steps to Reproduce:

1. Log in to the application with an ordinary (non-admin) user account.
2. In the address bar, replace the user endpoint with the admin endpoint. For example, change http://localhost/blood/user/dashboard to http://localhost/blood/admin/dashboard. The admin dashboard is served to the low-privileged session without any further check.

Proof of Concept: https://drive.google.com/file/d/1lmU8zuyzyC9LHFXuXzamnkcLcjcfs0xE/view?usp=sharing
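As an added illustration, not code from the PHPGurukul project or from the advisory, the following shows the root cause in CodeIgniter 3 terms and how to close it: an admin base controller whose constructor verifies the role stored in the server-side session, so that a logged-in "user" who edits the URL to /admin/dashboard receives a 403 instead of the dashboard. The session key names ('uid', 'role'), the role values ('user', 'admin') and the file locations are assumptions, since the page does not show the application's code.

```php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');

/*
 * Added example (not the PHPGurukul code): an authorization gate for the
 * admin area of a CodeIgniter 3 application.
 *
 * Assumptions, labelled because the page does not show the application's
 * code: the login flow stores the account id in the session as 'uid' and
 * the account's role as 'role' with the values 'user' or 'admin'.
 * Intended location: application/core/MY_Controller.php.
 */
class Admin_Controller extends CI_Controller
{
    public function __construct()
    {
        parent::__construct();
        $this->load->library('session');
        $this->load->helper('url');

        // Vulnerable pattern: accepting any logged-in session lets a normal
        // user reach /admin/dashboard simply by editing the URL.
        //   if (!$this->session->userdata('uid')) { redirect('login'); }

        // Fixed: the check lives in the constructor, so every method of
        // every admin controller (dashboard, delete user, add blood group,
        // submit report) is covered, and it fails closed: a missing or
        // non-admin role is refused, not only an unknown one.
        if (!$this->session->userdata('uid')) {
            redirect('login');            // not logged in at all
        }
        if ($this->session->userdata('role') !== 'admin') {
            show_error('Forbidden', 403); // logged in, but not an admin
        }
    }
}

/*
 * Intended location: application/controllers/admin/Dashboard.php.
 * The controller inherits the gate and needs no check of its own; a
 * request for /admin/dashboard from a 'user' session never reaches index().
 */
class Dashboard extends Admin_Controller
{
    public function index()
    {
        $this->load->view('admin/dashboard');
    }
}
```

Two points matter for the fix to hold. The role must come from the server-side session populated at login, never from a cookie value, hidden field or URL segment the client can edit, because that would recreate the same vertical privilege escalation one step removed. And the check belongs in a place every admin action passes through (here the base constructor), not only on the dashboard view; otherwise the state-changing endpoints the description lists (deleting users, managing blood groups, submitting reports) remain reachable by requesting them directly.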
