The following key information about the vulnerability can be obtained from this webpage screenshot:

1. Vulnerability ID: #431494
2. Vulnerability name: code-projects Blood Bank Management System 1.0 SQL Injection
3. Vulnerability description:
   - SQL Injection vulnerability has been identified in the BloodBank Management System version 1.0.
   - The issue occurs in the file acceptance functionality, which processes requests by hospitals or donors.
   - The reqid parameter is not properly sanitized, allowing attackers to manipulate SQL queries and execute arbitrary database operations.
   - This vulnerability enables time-based blind SQL injection, where malicious SQL code forces the database to delay its response.
   - The response time reveals whether the query executed successfully.
   - Attackers can:
     - Extract sensitive data by repeatedly querying the database.
     - Modify or delete database records.
     - Perform Denial of Service (DoS) by executing time-consuming operations, impacting availability.
4. Source:
   - https://gist.github.com/higordiego/5f927c5e0502b4ec31b3f7ef12556942
5. Submitter: c4tr4ck (UID 75518)
6. Submission time: October 25, 2024, 03:25 PM
7. Review time: October 26, 2024, 09:14 AM
8. Status: Accepted
9. VulDB Entry ID: 281939
10. Points: 20
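A detection sketch for the behaviour in item 3, added here as an example and not taken from the advisory or the project: it flags requests whose reqid is not a plain integer and marks those that also came back slowly, which is the signature of a time-based blind probe. The log format, the endpoint path (a placeholder, since the page does not name the file), the sample lines and the 2-second threshold are all assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines (not from the page): method, URL, status, response seconds.
# ACCEPT_PLACEHOLDER.php is a placeholder; the page does not name the vulnerable file.
SAMPLE_LOG = """\
GET /ACCEPT_PLACEHOLDER.php?reqid=12 200 0.041
GET /ACCEPT_PLACEHOLDER.php?reqid=13 200 0.038
GET /ACCEPT_PLACEHOLDER.php?reqid=13%27%20AND%20SLEEP%285%29--%20 200 5.044
GET /ACCEPT_PLACEHOLDER.php?reqid=abc 200 0.040
GET /ACCEPT_PLACEHOLDER.php?reqid=14&reqid=15 200 0.039
GET /index.php?page=2 200 0.020
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\d{3}) (\d+\.\d+)$")
VALID_REQID = re.compile(r"[0-9]{1,10}")  # allowlist: a request id is a plain integer
SLOW_SECONDS = 2.0                        # assumed threshold; tune to the app's baseline


def classify(line):
    """Return None, 'ok', 'invalid-reqid' or 'invalid-reqid+delay' for one log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    _method, url, _status, seconds = m.groups()
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "reqid" not in params:
        return None
    values = params["reqid"]  # parse_qs has already URL-decoded each value
    if len(values) == 1 and VALID_REQID.fullmatch(values[0]):
        return "ok"
    # Non-integer or repeated reqid. Correlate with latency: a time-based blind
    # probe appears as an abnormal value together with a delayed response.
    return "invalid-reqid+delay" if float(seconds) >= SLOW_SECONDS else "invalid-reqid"


def scan(log_text):
    """Return (line_number, verdict) for every reqid request that is not 'ok'."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        verdict = classify(line)
        if verdict not in (None, "ok"):
            findings.append((n, verdict))
    return findings


if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(n, verdict)
```

The same integer allowlist belongs in the application before the value reaches the query, alongside a parameterized statement.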