CVE-2025-63532
Published: 01 December 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-63532 is a SQL injection vulnerability (CWE-89) affecting Blood Bank Management System 1.0, specifically within the cancel.php component. Published on 2025-12-01T16:15:55.800, it carries a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N). The vulnerability arises because the application does not properly sanitize user-supplied input in SQL queries, enabling attackers to inject arbitrary SQL code through manipulation of the search field.
An attacker with low privileges (PR:L) can exploit this vulnerability remotely over the network (AV:N) with low attack complexity (AC:L) and without requiring user interaction (UI:N). Successful exploitation alters the scope (S:C) and results in high impacts to confidentiality (C:H) and integrity (I:H), with no availability impact (A:N). By injecting SQL via the search field, the attacker can bypass authentication mechanisms and gain unauthorized access to the system.
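As an added illustration, not code from the Blood Bank Management System project (its cancel.php is not reproduced here), the hypothetical handler below shows the CWE-89 pattern this advisory describes, a search value concatenated into the SQL text, next to the prepared-statement form that keeps the same value as data; the table and column names and the in-memory SQLite backend are assumptions made for a stand-alone example.

```php
<?php
// Added example, not the project's code. Hypothetical table: donors(id, name, status).
// An in-memory SQLite database is used so the script runs on its own; the real
// application talks to MySQL, but the PDO calls are the same.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE donors (id INTEGER PRIMARY KEY, name TEXT, status TEXT)");
$db->exec("INSERT INTO donors (name, status) VALUES ('alice', 'active'), ('bob', 'cancelled')");

// Vulnerable pattern (CWE-89): the search value is spliced into the SQL string,
// so a quote character inside it ends the literal and the rest of the input is
// parsed as part of the query instead of being compared as data.
function searchVulnerable(PDO $db, string $search): array {
    $sql = "SELECT id, name FROM donors WHERE name = '" . $search . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed pattern: a prepared statement sends the query structure and the value
// separately, so the input can only ever be matched literally against the column.
function searchSafe(PDO $db, string $search): array {
    $stmt = $db->prepare("SELECT id, name FROM donors WHERE name = ?");
    $stmt->execute([$search]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input containing a quote: no donor has this name, so a correct
// search must return nothing.
$input = "' OR '1'='1";

// In the vulnerable version the WHERE clause no longer tests the name at all,
// so rows the caller was never meant to see come back.
echo "concatenated query: " . count(searchVulnerable($db, $input)) . " row(s)\n";

// In the fixed version the whole string is compared against the name column.
echo "prepared statement:  " . count(searchSafe($db, $input)) . " row(s)\n";
```

Reviewing cancel.php for the first shape (string-built SQL fed to query()/mysqli_query) and converting it to the second is the remediation this finding calls for.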
Advisories and additional details are available in the provided references, including a Google Drive document at https://drive.google.com/file/d/12yeOXW_sN69QjsQtW0_k9AGqozi1s0di/view?usp=sharing, the Blood Bank Management System GitHub repository at https://github.com/Shridharshukl/Blood-Bank-Management-System, and a CVE-specific page at https://github.com/kiwi865/CVEs/blob/main/CVE-2025-63532.md.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The SQL injection vulnerability in the web application's cancel.php lets an attacker bypass authentication and gain unauthorized access by exploiting a public-facing application.