The following key information about the vulnerability can be obtained from this web page screenshot:

1. Submission ID: #431686
2. Vulnerability type: SQL Injection
3. Vulnerability description:
   - A SQL Injection vulnerability has been identified in the BloodBank Management System version 1.0, specifically in the cancel request functionality.
   - This flaw arises from a lack of proper input sanitization on the reqid parameter, enabling malicious users to inject SQL commands into the query handling cancellation requests.
   - The vulnerability allows for a time-based blind SQL injection attack.
4. Vulnerability impact:
   - Exfiltration of sensitive data over time.
   - Denial of Service (DoS) by slowing down the system.
   - Tampering with blood request statuses, including unauthorized cancellations.
5. Vulnerability source:
   - https://gist.github.com/higordiego/18cf04067697c8ceb2cba68980139dcc
6. Submitter: c4tr4ck (UID 75518)
7. Submission time: October 25, 2024 21:53
8. Review time: October 26, 2024 15:43
9. Status: Accepted
10. VulDB Entry ID: 281957
11. Points: 20