The following key information about the vulnerability can be obtained from this webpage screenshot:

1. Vulnerability ID: #431491
2. Vulnerability title: code-projects Blood Bank Management System 1.0 SQL Injection
3. Vulnerability description:
   - A SQL injection vulnerability has been identified in the BloodBank Management System version 1.0.
   - The vulnerability occurs in the search functionality when users query blood type availability.
   - The search parameter is not properly sanitized, allowing attackers to inject malicious SQL queries.
4. Vulnerability impact:
   - Unauthorized access to sensitive data (e.g., donor or recipient information).
   - Database corruption or deletion.
   - Denial of Service (DoS) attacks by causing the database to execute time-consuming operations.
   - Since the injected payload persists through the search feature, this high-risk vulnerability could be exploited by remote attackers, leading to a significant breach of confidentiality and availability.
5. Vulnerability source:
   - https://gist.github.com/higordiego/46090516ba1b13fe3d2607ab4c0114f1
6. Submitter: c4trr4ck (UID 75518)
7. Submission time: October 25, 2024, 15:14
8. Review time: October 26, 2024, 09:14
9. Status: Accepted
10. VulDB Entry ID: 281938
11. Points: 20